The United States has intensified its campaign against cybercrime, imposing sanctions and announcing a $10 million reward for information leading to the arrest of Guan Tianfeng, a 30-year-old Chinese national accused of orchestrating global cyberattacks.
According to the US State Department, Guan, believed to reside in China’s Sichuan Province, has been implicated in hacking operations targeting thousands of computer networks worldwide, including critical infrastructure in the United States.
The US Justice Department has recently released an arrest warrant of conspiracy to commit computer and wired fraud by Guan. As per the details given in the indictment, Guan and his associates targeted those firewalls that were manufactured by UK-based Sophos Ltd company. They began a simultaneous assault on about 81,000 firewalls worldwide on April 20, 2020, which included 23,000 firewalls in the United States. Of these, 36 were in critical infrastructure systems.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world,” said Deputy Attorney General Lisa Monaco.
The malware was aimed at gaining access to personal data such as usernames and passwords and on top of that it tried to download ransomware that would prevent users from accessing their computers unless they paid a certain amount of money.
The US Treasury Department put sanctions on Sichuan Silence Information Technology Co. Ltd., where Guan was working at the time the sanctions were announced. The firm is charged with offering stolen information and cyber criminal offerings to Chinese firms and authorities, including the Ministry of Public Security.
“Sichuan Silence exploited vulnerabilities for malicious purposes, jeopardizing businesses and critical infrastructure worldwide,” said FBI agent Herbert Stapleton. He credited Sophos Ltd. for its rapid response in identifying the vulnerability and mitigating potential damage.
Human Rights Sanctions
On the same day, the U.S. Commerce Department announced sanctions on eight companies from China, Myanmar, and Russia for alleged human rights violations.
- China: Beijing Zhongdun Security Technology Group and Zhejiang Uniview Technologies were blacklisted for providing surveillance technology used in repressing Uyghurs and other minorities.
- Myanmar: Sky Aviator Company and Synpex Shwe Company were penalized for supplying components to the military junta, linked to attacks on civilians.
- Russia: Aviasnab LLC and Joint Stock Company Gorizont faced sanctions for supporting Myanmar’s junta, while two other firms were penalized for domestic human rights abuses.
Broader Implications
The sanctions make it unlawful for any company in the United States to do business with the named companies. The measures were announced by the undersecretary of Commerce for industry and Security, Alan Estevez, stated, “These measures aim to prevent U.S. technology from enabling human rights abuses while reinforcing America’s commitment to safeguarding global human rights.”
The U.S. government’s actions underscore its focus on both cybersecurity and human rights as it seeks to counteract malicious activities that threaten national security and global ethical standards.
