US Offers $10 Million Reward for Information on Wanted Chinese Hacker and Accomplices

The United States has announced a $10 million reward for information leading to the capture of Guan Tianfeng, a Chinese hacker, and his co-conspirators, who are accused of hacking into computer firewalls. The reward was announced on Tuesday by the U.S. State Department.

Tianfeng, 30, has been charged with conspiracy to commit computer fraud and wire fraud. He is believed to reside in China’s Sichuan Province. The U.S. Treasury Department has also imposed sanctions on the company Tianfeng worked for, Sichuan Silence Information Technology Co. Ltd.

The indictment claims that Tianfeng and his co-conspirators at Sichuan Silence exploited a vulnerability in firewalls sold by the UK-based cybersecurity company Sophos Ltd. They allegedly infected tens of thousands of network security devices with malware designed to steal sensitive information from victims globally.

Deputy Attorney General Lisa Monaco stated, “The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world.”

In April 2020, the indictment says that approximately 81,000 firewall devices worldwide were attacked simultaneously, stealing data such as usernames and passwords and attempting to infect the systems with ransomware. Among the affected devices, more than 23,000 were located in the U.S., including 36 protecting “critical infrastructure companies’ systems,” according to the Treasury Department.

FBI agent Herbert Stapleton emphasized, “The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States. If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe.”

The indictment further reveals that Sichuan Silence sold the stolen data and hacking services to Chinese businesses and government entities, including the Ministry of Public Security.

When contacted, a representative from Sichuan Silence, who answered a call to the company’s phone number, declined to comment on the sanctions, stating that the company “did not accept interviews.”