NEWS BRIEF
The US authorities unsealed fees yesterday in opposition to a Chinese language nationwide who allegedly broke into roughly 81,000 of Sophos firewall units around the globe in 2020.
Guan Tianfeng, also referred to as gbigmao and gxiaomao, was charged with conspiracy to commit pc fraud and conspiracy to commit wire fraud. Tianfeng has additionally been accused of creating and testing a zero-day safety vulnerability used to conduct the Sophos assaults.
The zero-day vulnerability in query is tracked as CVE-2020-12271 and has a CVSS rating of 9.8, a vital SQL injection flaw that would enable a menace actor to attain distant code execution (RCE).
A federal arrest warrant was issued for Tianfeng within the US District Courtroom, Northern District of Indiana, Hammond Division, and it’s believed that he’s at the moment residing in Sichuan Province, China.
The Rewards for Justice Program by means of the US Division of State is providing an award of as much as $10 million for info on Tianfeng and the workplaces he labored out of, Sichuan Silence Know-how Firm Ltd., in addition to related people and their malicious exercise.
“The defendant and his conspirators compromised tens of 1000’s of firewalls after which continued to carry in danger these units, which defend computer systems in the USA and around the globe,” mentioned Assistant Lawyer Basic for Nationwide Safety Matthew Olsen, in a press launch. “The Division of Justice will maintain accountable those that contribute to the harmful ecosystem of China-based enabling corporations that perform indiscriminate hacks on behalf of their sponsors and undermine international cybersecurity.”
Any ideas or info will be made with the FBI by way of WhatsApp, Sign, Telegram, or ideas.fbi.gov.
