| Attribute | Details |
|---|---|
| Threat Actors | Sichuan Silence Information Technology Company, Guan Tianfeng (aka GbigMao), linked to Chinese APTs |
| Campaign Overview | Exploited zero-day in firewalls to install malware on ~81,000 devices globally, targeting critical infrastructure |
| Target Regions | Global, with significant focus on the U.S. critical infrastructure and South/Southeast Asia |
| Methodology | Zero-day vulnerability exploitation, data theft, ransomware deployment, espionage operations |
| Product Targeted | Sophos XG Firewall, various network routers and edge devices |
| Malware Reference | Asnarök malware, Ragnarok ransomware |
| Tools Used | CVE-2020-12271, zero-day vulnerabilities, brute-force password cracking |
| Vulnerabilities Exploited | Firewall zero-day vulnerabilities, especially CVE-2020-12271 |
| TTPs | Exploitation of firewalls, malware deployment, espionage via state-sponsored hacking groups |
| Attribution | Linked to Chinese intelligence services (Ministry of Public Security), APT41, APT31, Volt Typhoon |
| Recommendations | Rapid patching of firewalls, vulnerability monitoring, collective industry response, early disclosure |
| Source | The Record |
Read full article: https://therecord.media/us-sanctions-chinese-cyber-firm-compromising-firewalls
Disclaimer: The above summary has been generated by an AI language model