| Attribute | Details |
|---|---|
| Threat Actors | Guan Tianfeng (aka gbigmao, gxiaomao) and Sichuan Silence Information Technology Company, Limited; the group is under U.S. Treasury sanctions and is known to support Chinese intelligence activities. |
| Campaign Overview | The U.S. government charged Guan Tianfeng with exploiting vulnerabilities in Sophos firewall devices globally. The attacks aimed at exfiltrating data, achieving remote code execution, and deploying ransomware. |
| Target Regions | Global attacks, with over 23,000 compromised firewalls located in the United States, targeting critical infrastructure companies. |
| Methodology | SQL injection (CVE-2020-12271), authentication bypass (CVE-2022-1040), command injection (CVE-2022-1292), data exfiltration, and use of malware such as the Asnarök trojan and Ragnarok ransomware. |
| Product Targeted | Sophos firewall devices globally, including U.S. critical infrastructure networks. |
| Malware Reference | Asnarök trojan, Ragnarok ransomware variant. |
| Tools Used | Sophos domain impersonation (e.g., sophosfirewallupdate.com), malware developed by Sichuan Silence, and custom domains used to obscure malicious activity. |
| Vulnerabilities Exploited | CVE-2020-12271 (SQL injection, CVSS 9.8), CVE-2022-1040 (authentication bypass), CVE-2022-1292 (OpenSSL command injection). |
| TTPs | Remote code execution, data exfiltration, domain impersonation, ransomware deployment, evasion of detection mechanisms, and exploitation of vulnerabilities to gain network access. |
| Attribution | Guan Tianfeng and Sichuan Silence; U.S. government indictment with FBI involvement; attributed to a Chinese nation-state cybersecurity group supporting intelligence operations. |
| Recommendations | Patch Sophos firewall systems to mitigate the vulnerabilities, adopt stronger cybersecurity monitoring, invest in early transparency practices, and collaborate across industries and with law enforcement agencies. |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html
Disclaimer: The above summary has been generated by an AI language model