Indictment made against company and an employee, for his use of a zero-day exploit.
A Chinese cybersecurity company has been sanctioned by the U.S. Treasury over an ambitious cyber-attack.
According to media reports, Sichuan Silence Information Technology Company is accused of deploying malicious software to around 81,000 firewalls run by thousands of companies worldwide in April 2020.
In its statement, the Treasury said three dozen firewalls were protecting the systems of critical infrastructure companies and that, had the hacking not been thwarted or mitigated, the potential impact "could have resulted in serious injury or loss of human life."
In particular, the statement said that an energy company targeted in Sichuan Silence's hacking campaign was "actively involved in drilling" during the attack. Had the hacking not been thwarted, the statement said, "it could have caused oil rigs to malfunction."
Also named in the indictment was an employee of Sichuan Silence, Guan Tianfeng, who apparently discovered and used a zero-day exploit against the firewalls to deploy the malware.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
