The United States has announced a $10 million reward for information leading to the arrest of Guan Tianfeng, a 30-year-old Chinese national accused of orchestrating global cyberattacks. The U.S. Department of State revealed on Tuesday that Guan, believed to be residing in China’s Sichuan Province, is wanted for hacking computer firewalls and compromising critical systems worldwide.
An indictment unsealed the same day charges Guan with conspiracy to commit computer fraud and wire fraud. His alleged activities have also drawn sanctions from the U.S. Treasury Department against his employer, Sichuan Silence Information Technology Co. Limited.
According to the indictment, Guan and his co-conspirators exploited a vulnerability in firewalls manufactured by Sophos Limited, a UK-based cybersecurity firm. These firewalls are widely used by businesses and institutions to protect their networks. Deputy Attorney-General Lisa Monaco highlighted the scope of the attacks, stating, “The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world.”
In April 2020, the hackers launched a massive coordinated attack on approximately 81,000 firewall devices worldwide. Their goal was to steal sensitive data, including usernames and passwords, while simultaneously attempting to install ransomware on the compromised systems.
The indictment revealed that more than 23,000 of the targeted firewalls were located in the United States. Among these, 36 belonged to companies classified as critical infrastructure, underscoring the potential threat to national security. The U.S. Treasury Department emphasized that the attackers exploited a zero-day vulnerability, a previously unknown software flaw, to breach the systems.
Herbert Stapleton, an FBI cybersecurity expert, acknowledged Sophos’ swift response in mitigating the damage. “If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe,” he said.
The indictment further alleges that Sichuan Silence Information Technology Co. Limited, where Guan worked, monetized the stolen data by selling it to Chinese businesses and government entities, including the Ministry of Public Security. The company also allegedly offered hacking services to clients.
The U.S. government has since imposed sanctions on Sichuan Silence, restricting its ability to engage in international business and financial transactions.
The case of Guan Tianfeng underscores growing concerns about state-sponsored cybercrime and the role of private companies in facilitating such activities. By offering a significant financial reward, the United States aims to pressure Guan and his associates while sending a clear message about its commitment to combating global cyber threats.
The reward is part of the State Department’s Rewards for Justice Program, which has been instrumental in tracking down international criminals. This case is expected to serve as a warning to other entities engaged in similar activities, with the United States signalling its determination to protect its digital infrastructure and hold perpetrators accountable.