Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.


NEWS BRIEF

The US government unsealed charges yesterday against a Chinese national who allegedly broke into approximately 81,000 Sophos firewall devices around the world in 2020.

Guan Tianfeng, also known as gbigmao and gxiaomao, was charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Tianfeng has also been accused of developing and testing a zero-day security vulnerability used to conduct the Sophos attacks.

The zero-day vulnerability in question, tracked as CVE-2020-12271, is a critical SQL injection flaw with a CVSS score of 9.8 that could allow a threat actor to achieve remote code execution (RCE).

A federal arrest warrant was issued for Tianfeng in the US District Court, Northern District of Indiana, Hammond Division, and it is believed that he is currently residing in Sichuan Province, China.

The US Department of State's Rewards for Justice Program is offering a reward of up to $10 million for information on Tianfeng and the offices he worked out of, Sichuan Silence Technology Company Ltd., as well as associated individuals and their malicious activity.

"The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world," said Assistant Attorney General for National Security Matthew Olsen, in a press release. "The Department of Justice will hold accountable those who contribute to the dangerous ecosystem of China-based enabling companies that carry out indiscriminate hacks on behalf of their sponsors and undermine global cybersecurity."

Tips or information can be submitted to the FBI via WhatsApp, Signal, Telegram, or tips.fbi.gov.
