U.S. Government Charges Chinese National for Sophos Firewall Exploits
Washington, D.C. — The United States government on Tuesday, 12/10/2024, unsealed charges against Guan Tianfeng, also known by his aliases “Gbigmao” and “Gxiaomao,” for his alleged involvement in a global hacking campaign targeting Sophos firewall devices in 2020. The Federal Bureau of Investigation (FBI) announced that it has charged Guan, a Chinese national, with conspiracy to commit computer fraud and wire fraud.
Guan was employed by Sichuan Silence Information Technology Company, Limited, a firm based in China. According to the FBI, Guan exploited a then-zero-day vulnerability identified as CVE-2020-12271, a critical SQL injection flaw with a CVSS score of 9.8. This vulnerability allowed malicious actors to achieve remote code execution on affected Sophos firewall devices.
The FBI stated that Guan’s actions compromised approximately 81,000 firewalls worldwide. These devices, often used by businesses and organizations to secure their networks, were left vulnerable due to the exploit, enabling attackers to gain unauthorized access to sensitive data and networks.
The charges come amid growing international concern over state-sponsored cyberattacks. While the FBI has not explicitly linked Guan’s actions to the Chinese government, experts speculate that such operations often have tacit approval or support from state entities. The U.S. Department of Justice emphasized the severity of the breach, describing it as a “global attack on cybersecurity.”
The attacks were carried out in 2020, when the CVE-2020-12271 vulnerability was still unknown to the public. This zero-day flaw was exploited to infiltrate networks, steal sensitive information, and potentially lay the groundwork for further attacks.
Sophos, the cybersecurity firm responsible for the affected firewalls, disclosed the vulnerability in April 2020 and promptly released a patch. However, the damage was already extensive. The company’s spokesperson stated, “We worked tirelessly to address this issue, but the speed and scale of the attack highlight the importance of immediate patch management.”
Cybersecurity analysts noted that the CVE-2020-12271 flaw was particularly dangerous due to its simplicity and effectiveness. SQL injection vulnerabilities allow attackers to manipulate databases and execute arbitrary commands, making them a preferred method for cybercriminals targeting enterprise systems.
Court documents reveal that Guan used sophisticated obfuscation techniques to avoid detection. He allegedly employed multiple proxy servers and encrypted communication channels to mask his identity and location while carrying out the attacks.
“This case underscores the need for robust international cooperation in combating cybercrime,” said FBI Director Christopher Wray. “Threat actors like Guan Tianfeng exploit global connectivity for personal gain, often causing significant damage to critical infrastructure and data security.”
The FBI worked closely with cybersecurity researchers and international partners to identify Guan as the primary suspect. Digital forensic evidence, including IP addresses, email communications, and server logs, played a crucial role in linking him to the attacks. The investigation remains ongoing, with the FBI urging any affected organizations to come forward with additional information.
“Hackers are constantly on the lookout for unpatched systems and undisclosed flaws,” said Lisa Carter, a cybersecurity analyst at CyberSafe Solutions. “Organizations must prioritize security updates and invest in intrusion detection systems to mitigate these risks.”
The charges against Guan could strain U.S.-China relations further, as cyber espionage has been a contentious issue between the two nations. The U.S. government has repeatedly accused China of harboring or supporting cybercriminals targeting American businesses and institutions, allegations that China has consistently denied.
Sichuan Silence Information Technology Company, where Guan was employed, has yet to release a statement regarding his alleged activities. Industry experts are calling for increased scrutiny of firms suspected of enabling or ignoring cybersecurity breaches within their ranks.
If convicted, Guan faces significant penalties, including prison time and fines. The U.S. Department of Justice has reiterated its commitment to holding cybercriminals accountable, regardless of their nationality or location.
This case serves as a stark reminder of the vulnerabilities inherent in modern network systems and the importance of staying vigilant. Organizations should actively review their cybersecurity measures and update all software and hardware to maintain optimal protection.
The exploitation of CVE-2020-12271 serves as a cautionary tale for both businesses and individuals about the risks of neglecting timely software updates and the pervasive threat of global cybercrime.
The charges against Guan Tianfeng mark another chapter in the ongoing battle against cybercriminals exploiting technological vulnerabilities for illicit gain. While the full extent of the damage remains unclear, the FBI’s action underscores the need for collective efforts to secure digital infrastructure in an increasingly interconnected world.
Read the official FBI wanted poster and information about Guan Tianfeng, aka gbigmao and gxiaomao, at https://www.fbi.gov/wanted/cyber/guan-tianfeng
If you have any information about this person, please contact the FBI through WhatsApp, Signal, or Telegram (independent platforms not operated or controlled by the government) at 317-792-1100. Alternatively, you can reach out to your local FBI office, the nearest U.S. Embassy or Consulate, or submit a tip online at tips.fbi.gov.