The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports:
According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a Chengdu-based cybersecurity government contractor (recently profiled by the Natto Thoughts team) that provides products and services to core clients like China’s intelligence services.
The company’s services include computer network exploitation, brute-force password cracking, email monitoring, and public sentiment suppression.
OFAC says the zero-day used in the April 2020 campaign was discovered by security researcher and Sichuan Silence employee Guan Tianfeng (also known as GbigMao) in an unnamed firewall product.
“Between April 22 and 25, 2020, Guan Tianfeng used this zero-day exploit to deploy malware to approximately 81,000 firewalls owned by thousands of businesses worldwide,” a press release published today revealed.
Read more at BleepingComputer.
Tianfeng has been indicted, and there is a $10 million reward for information on him or Sichuan Silence.