U.S. Hits Chinese Cyber Firm for Critical Infrastructure Attack

The U.S. Treasury has sanctioned a Chinese cybersecurity firm, Sichuan Silence, and its employee, Guan Tianfeng, for their roles in a 2020 global firewall breach that targeted critical U.S. infrastructure, exposing the persistent threat of state-linked cyberattacks.

December 12, 2024

The U.S. has imposed sanctions on Sichuan Silence Information Technology Company, Limited (Sichuan Silence), a government contractor serving Chinese intelligence agencies, and one of its employees, Guan Tianfeng, for their roles in a major cyberattack targeting tens of thousands of firewalls worldwide in April 2020.

Among the victims were U.S. critical infrastructure entities, underscoring the persistent cyber threats posed by malicious actors linked to China, according to the Department of the Treasury’s Office of Foreign Assets Control (OFAC).

The cyberattack compromised approximately 81,000 firewalls globally, including over 23,000 in the United States. The attackers deployed malware to steal sensitive data and attempted to install the Ragnarok ransomware, which disables anti-virus software and encrypts the computers on a victim’s network if the victim attempts to remedy the compromise. One U.S. energy company narrowly avoided significant damage that might have led to the malfunctioning of oil rigs, potentially endangering lives.

Guan Tianfeng, a Chinese national and former security researcher at Sichuan Silence, was identified as the key perpetrator behind the firewall compromise. Operating under the pseudonym "GbigMao," Guan leveraged tools and pre-positioning devices provided by his employer, Sichuan Silence. 

The U.S. Department of Justice (DOJ) has unsealed an indictment against Guan for his involvement in the attack, and the State Department has announced a Rewards for Justice offer of up to $10 million for information about Sichuan Silence or Guan.

Sichuan Silence’s core activities reportedly include computer network exploitation, email monitoring, password cracking, and suppression of dissent on behalf of Chinese intelligence services. The firm’s connections to state-sponsored cyber operations highlight the escalating cyber threats from China, as noted in the 2024 Annual Threat Assessment by the Office of the Director of National Intelligence.

The OFAC sanctions block all U.S.-based property and interests of the designated entities and prohibit U.S. persons from conducting transactions with them. Financial institutions engaging with the sanctioned parties also risk penalties.

“The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior,” the Treasury Department emphasized in its announcement.
