The United States announced a $10 million reward on Tuesday for information leading to the arrest of Guan Tianfeng, a Chinese national wanted for hacking computer firewalls.
Guan, 30, is believed to reside in Sichuan Province, China, according to the State Department. An indictment unsealed the same day charged him with conspiracy to commit computer fraud and wire fraud.
The Treasury Department imposed sanctions on Guan’s employer, Sichuan Silence Information Technology Co. Ltd., accusing him and his associates of exploiting a firewall vulnerability in devices sold by UK-based cybersecurity firm Sophos Ltd.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information worldwide,” Deputy Attorney General Lisa Monaco said.
In April 2020, approximately 81,000 firewalls were targeted globally, including over 23,000 in the US, 36 of which belonged to critical infrastructure companies. The malware sought to steal usernames, passwords, and other data while also attempting to deploy ransomware.
The FBI credited Sophos for quickly identifying the vulnerability and mitigating potential damage.
According to the indictment, Sichuan Silence sold stolen data and hacking services to Chinese businesses and government agencies, including the Ministry of Public Security.
A spokesperson for Sichuan Silence declined to comment and said Guan was “uncontactable.”
