Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

DARKReading

NEWS BRIEF

The US government unsealed charges yesterday against a Chinese national who allegedly broke into approximately 81,000 Sophos firewall devices around the world in 2020.

Guan Tianfeng, also known as gbigmao and gxiaomao, was charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Tianfeng has also been accused of developing and testing a zero-day security vulnerability used to conduct the Sophos attacks.

The zero-day vulnerability in question, tracked as CVE-2020-12271 with a CVSS score of 9.8, is a critical SQL injection flaw that could allow a threat actor to achieve remote code execution (RCE).

A federal arrest warrant was issued for Tianfeng in the US District Court, Northern District of Indiana, Hammond Division, and it is believed that he is currently residing in Sichuan Province, China.

The Rewards for Justice Program, run by the US Department of State, is offering a reward of up to $10 million for information on Tianfeng, the company he worked out of, Sichuan Silence Technology Company Ltd., and associated individuals and their malicious activity.

“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew Olsen, in a press release. “The Department of Justice will hold accountable those who contribute to the dangerous ecosystem of China-based enabling companies that carry out indiscriminate hacks on behalf of their sponsors and undermine global cybersecurity.”

Tips or information can be submitted to the FBI via WhatsApp, Signal, Telegram, or tips.fbi.gov.

Related news

US Sanctions Chinese Cybersecurity Firm for Firewall Exploit, Ransomware Attacks

Summary: The United States has taken strong action against a Chinese cybersecurity company, Sichuan Silence Information Technology, for…

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

CVE-2020-12271: “Asnarök” Trojan targets firewalls

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).