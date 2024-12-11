Ransomware, Threat Intelligence

US moves against Chinese cybersecurity firm over sweeping Ragnarok ransomware attack


Chinese cybersecurity firm Sichuan Silence has been sanctioned by the U.S. Treasury Department for its role in the widespread exploitation of the Sophos XG firewall zero-day SQL injection flaw, tracked as CVE-2020-12271, to compromise critical infrastructure entities in the U.S. and other parts of the world with the Ragnarok ransomware in 2020, reports BleepingComputer.

Also sanctioned was Sichuan Silence researcher Guan Tianfeng, also known as GbigMao, who identified and leveraged the zero-day to compromise nearly 81,000 firewalls around the world, more than a quarter of which were in the U.S., according to the Treasury Department. Bounties of up to $10 million have already been offered by the State Department's Rewards for Justice Program for any information regarding Sichuan Silence or Guan, who was also indicted by the Justice Department. Such developments have been welcomed by Sophos Chief Information Security Officer Ross McKerchar. "This is a positive step towards disrupting these attackers' operation," McKerchar said.
