Sichuan Silence and one of its employees allegedly exploited a zero-day attack to spread malware to firewall devices, including 23,000 based in the US.
The US Treasury Department has sanctioned a Chinese cybersecurity vendor for allegedly trying to spread malware to approximately 81,000 firewall devices from Sophos.
The sanctions target Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, “for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide,” the Treasury Department said in Tuesday’s announcement.
“More than 23,000 of the compromised firewalls were in the United States,” the agency adds. “Of these firewalls, 36 were protecting US critical infrastructure companies’ systems.”
On the same day, the Justice Department unsealed an indictment against Guan, who allegedly also infected a firewall device at a US government agency.
This comes after British cybersecurity provider Sophos published a years-long investigation into Chinese hackers targeting the company’s devices back in 2020. At the time, Sophos found evidence that a device “owned by Sichuan Silence Information Technology’s Double Helix Research Institute” helped plan the attacks.
