US Prosecutes and Sanctions Chinese Cybersecurity Company and Hacker

On Tuesday, December 10, the U.S. government announced sanctions against the Chinese cybersecurity company “Sichuan Silent Information Technology Company” and its employee Guan Tianfeng.

The Sichuan Silent Information claims to be a major online security support unit for the Ministry of Public Security of the CCP, as well as a “national important vulnerability platform support unit” for the CCP.

The Department of Justice also announced the indictment of Guan Tianfeng in Indiana.

According to the indictment, Guan Tianfeng is charged with exploiting a zero-day vulnerability in a firewall product from the British cybersecurity company Sophos. Zero-day vulnerabilities refer to previously unknown flaws in computer software or hardware that can be exploited for cyber-attacks.

From April 22 to 25, 2020, Guan Tianfeng used this zero-day vulnerability to deploy malicious software to around 81,000 firewall products used by thousands of enterprises globally. His aim was to steal data, including usernames and passwords, from the compromised firewalls; the victims included a U.S. government department.

Guan Tianfeng also attempted to infect victims’ systems with a variant of the Ragnarok ransomware. This ransomware disables antivirus software and, when victims try to take remedial action, encrypts computers on the victim’s network.

Deputy Attorney General Lisa Monaco stated that the defendant and his accomplices exploited vulnerabilities in tens of thousands of network security devices with malicious software to steal information from global victims.

“Today’s indictment reflects the Department of Justice’s commitment to collaborating with governments and global partners to identify and hold accountable malicious network actors threatening global cybersecurity from (Communist) China or elsewhere,” she said.

Matthew Olsen, Assistant Attorney General for National Security, said that the Department of Justice would hold accountable the individuals taking part in these dangerous hacking ecosystems.

“These dangerous ecosystems, supported by companies based in China, conduct indiscriminate hacking attacks on behalf of their sponsors, undermining global cybersecurity,” he explained.

The U.S. Treasury Department stated in a release that malicious network actors, including those operating in China, remain one of the biggest and most enduring threats to U.S. national security, as emphasized in the Office of the Director of National Intelligence’s “2024 Threat Assessment.”

The Office of Foreign Assets Control of the U.S. Treasury Department announced sanctions against Sichuan Silent and Guan Tianfeng.

The State Department also announced a reward of up to $10 million for information leading to the identification or location of Guan Tianfeng or any individuals engaging in malicious cyber activities against critical U.S. infrastructure under foreign government direction or control. Such activities contravene the U.S. Computer Fraud and Abuse Act.

According to the official website of Sichuan Silent, the company is a high-tech enterprise dedicated to technical research, product development, and technical services in the field of network and information security, providing technical support to the Ministry of Public Security of the CCP and the China National Computer Emergency Response Team (CNCERT). CNCERT is a key team in coordinating China’s network security emergency response.

The headquarters of the company is located in the Gaoxin District of Chengdu, Sichuan Province, with branches in Beijing, Chongqing, Guiyang, Yunnan, Tibet, Northwest, Jiangxi, and other areas. The company currently has over 200 employees, with 75% being technical personnel.

The company has achieved strong results in numerous network security competitions in China, including the “Network Protection-2018” key information infrastructure network attack and defense practical exercises organized by the Ministry of Public Security of the CCP.

In 2020, the company was also selected as a cybersecurity demonstration project by the Ministry of Industry and Information Technology of the CCP, where its system “uses technologies such as Big Data, cloud computing, artificial intelligence, etc., to provide Internet-sensitive information exposure monitoring services to enterprises through SaaS.”

In October, Sophos released multiple reports detailing the activities of CCP hacker organizations over the past five years. The reports described these active CCP hackers as posing advanced persistent threats, with an “unusual understanding of device firmware internal structures.”

According to the reports, Sichuan Silent, along with other previously exposed private cybersecurity companies such as Sichuan Anshun and Chengdu 404, are part of the same circle and are acquainted with each other. Anshun and 404 have close relationships with the CCP government and police, acting as private contractors for the CCP government.

Five hacker employees of Chengdu 404 were indicted by the U.S. Department of Justice in 2020.

Over the past two decades, the demand for overseas intelligence by the CCP’s national security agencies has surged, giving rise to a massive network of private hired-hacker companies operating outside China. These companies have penetrated hundreds of systems outside China.

These private hacker contractors steal data from other countries and then sell it to the CCP authorities. Some even bid on CCP theft operations, hoping to receive government funding support.

Interestingly, the official website of Sichuan Silent stopped updating after April 2020, with employees publicly complaining about unpaid wages for months.

Since then, Sichuan Silent has remained silent. However, a few years later, the company unexpectedly posted job advertisements for six positions on a recruiting website in November 2023.

Cybersecurity observers have questioned whether the company has been directly recruited by the CCP government to start performing classified work.

Another piece of evidence is that, in 2021, Meta reported that Sichuan Silent was suspected of using hundreds of Facebook platform accounts to spread false information regarding the CCP’s COVID (Communist virus) origin, serving the so-called CCP’s “China Influence Campaign.”