| Category | Details |
|---|---|
| Threat Actors | Sichuan Silence Information Technology Company Ltd. and its employee Guan Tianfeng, both linked to the Chinese government. |
| Campaign Overview | A global intrusion campaign in April 2020 that exploited a Sophos XG Firewall vulnerability, compromising approximately 81,000 firewalls worldwide, more than 23,000 of them in the US. The implanted malware exfiltrated data, including credentials, from the appliances and the networks behind them; after Sophos pushed a hotfix, the actors attempted to deploy ransomware on victim networks. |
| Target Regions | Global, with the heaviest impact in the US, where the compromised devices included 36 firewalls protecting critical infrastructure systems and one belonging to a US energy company. |
| Methodology | Mass, automated exploitation of a then-unpatched (zero-day) firewall vulnerability to implant malware on the appliance, harvest credentials, and stage ransomware deployment. |
| Product Targeted | Sophos XG Firewall appliances (CVE-2020-12271), used by businesses, critical infrastructure operators, and sensitive government and corporate environments. |
| Malware Reference | Asnarök data-stealing malware on the firewall; Ragnarok ransomware in the follow-on deployment attempt. |
| Tools Used | Zero-day exploit for the firewall, the Asnarök implant, credential-theft tooling, and Ragnarok ransomware. |
| Vulnerabilities Exploited | CVE-2020-12271, a pre-authentication SQL injection in the Sophos XG Firewall that was still unpatched (zero-day) when exploitation began; Sophos later fixed it via hotfix. |
| TTPs | - Exploitation of a zero-day vulnerability in an internet-facing security appliance. - Credential harvesting from the compromised device, followed by ransomware deployment. - Possible sharing of the gained access with Chinese state agencies. |
| Attribution | Sichuan Silence, a Chinese government contractor whose employee Guan Tianfeng carried out the exploitation; the firm has reported connections to Chinese cyberespionage groups such as APT41, APT31, and Volt Typhoon. |
| Recommendations | - Patch internet-facing appliances promptly, prioritising vulnerabilities under active exploitation. - Enhance monitoring of critical infrastructure systems, including the security appliances at their perimeter. - Implement threat intelligence sharing. - Foster collaboration between the public and private sectors. |
| Source | Hackread |
Read full article: https://hackread.com/us-sanctions-chinese-cybersecurityfirm-firewall-ransomware/
The above summary has been generated by an AI language model