The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations.
On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in November, led to the compromise of more than 23,000 firewalls in the U.S., dozens of which were in use at a government agency and at critical infrastructure companies.
One of these was an energy company involved in drilling operations. The Treasury noted that the incident could have caused “significant loss in human life” if the attack had been successful.
“The purpose of the exploit was to use the compromised firewalls to steal data,” the Treasury said. “However, Guan also attempted to infect the victims’ systems with the Ragnarok ransomware variant.”