Press ESC to close

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Attribute Details
Threat Actors Guan Tianfeng (aka gbigmao, gxiaomao), Sichuan Silence Information Technology Company, Limited, U.S. Treasury sanctions on the group, known to support Chinese intelligence activities.
Campaign Overview U.S. government charged Guan Tianfeng for exploiting vulnerabilities in Sophos firewall devices globally. Attacks aimed at exfiltrating data, using remote code execution, and deploying ransomware attacks.
Target Regions Global attacks, with over 23,000 compromised firewalls located in the United States, targeting critical infrastructure companies.
Methodology SQL injection attacks (CVE-2020-12271), authentication bypass (CVE-2022-1040), command injection (CVE-2022-1292), data exfiltration, use of malware like Asnarök trojan and Ragnarok ransomware.
Product Targeted Sophos firewall devices globally, U.S. critical infrastructure networks.
Malware Reference Asnarök trojan, Ragnarok ransomware variant.
Tools Used Sophos domain impersonation (e.g., sophosfirewallupdate.com), malware developed by Sichuan Silence, custom domains for obfuscating malicious activity.
Vulnerabilities Exploited CVE-2020-12271 (SQL injection, CVSS 9.8), CVE-2022-1040 (authentication bypass), CVE-2022-1292 (OpenSSL command injection).
TTPs Remote code execution, data exfiltration, domain impersonation, ransomware deployment, evasion of detection mechanisms, exploitation of vulnerabilities for network access.
Attribution Guan Tianfeng, Sichuan Silence, U.S. government indictment and FBI involvement, attribution to a Chinese nation-state cybersecurity group supporting intelligence operations.
Recommendations Patch Sophos firewall systems to mitigate vulnerabilities, adopt stronger cybersecurity monitoring, invest in early transparency practices, and collaborate across industries with law enforcement agencies.
Source The Hackers News

Read full article:https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

Disclaimer: The above summary has been generated by an AI language model

Leave a Reply

Your email address will not be published. Required fields are marked *