The Watch
    Chinese company sanctioned in ransomware attacks

    By The Watch | February 18, 2025 | Updated: June 10, 2025
    A man holds a laptop computer as cyber code is projected onto him. REUTERS ILLUSTRATION

    THE WATCH STAFF

    A Chinese citizen has been indicted and the Chinese cybersecurity company for which he worked has been sanctioned for their alleged involvement in ransomware attacks that “could have resulted in serious injury or the loss of human life,” the U.S. Treasury Department said in a news release. The U.S. District Court for the Northern District of Indiana issued an arrest warrant for Guan Tianfeng, charging him with conspiracy to commit computer fraud and wire fraud.

    The indictment, unsealed on December 10, 2024, accuses Guan, 30, and co-conspirators at Sichuan Silence Information Technology Co. Ltd. of discovering and exploiting a zero-day vulnerability, a flaw unknown to developers that leaves affected systems open to immediate attack. The vulnerability affected certain firewalls sold by U.K.-based Sophos Ltd., an information technology company that develops and markets cybersecurity products.

    The hacking group allegedly cloaked their activity by using domains designed to look like they belonged to Sophos, Newsweek reported. Ross McKerchar, chief information security officer for Sophos, said in a statement that the hackers had shown “relentless determination.”

    Sophos detected the hacking and fixed corrupted firewalls within two days, leading hackers to tweak their malware so that attempts to remove it would activate ransomware, which blocks users from their systems until a ransom is paid. “Their encryption efforts did not succeed, but demonstrated the conspirators’ disregard for the harm that they would cause to victims,” the Justice Department said in a news release.

    Between April 22 and 25, 2020, Guan “used this zero-day exploit to deploy malware to approximately 81,000 firewalls owned by thousands of businesses worldwide,” the Treasury Department news release said. “More than 23,000 of the compromised firewalls were in the United States. Of these firewalls, 36 were protecting U.S. critical infrastructure companies’ systems. … (T)he potential impact of the Ragnarok ransomware attack could have resulted in serious injury or the loss of human life. One victim was a U.S. energy company that was actively involved in drilling operations at the time of the compromise. If this compromise had not been detected, and the ransomware attack not been thwarted, it could have caused oil rigs to malfunction potentially causing a significant loss in human life.”

    The Justice Department is offering a reward of up to $10 million for information on Guan, Sichuan Silence or anyone else related to the cyberattacks. The Treasury Department imposed sanctions on both Guan and Sichuan Silence. Under the sanctions, all property and interests in property in the United States that belong to Guan, Sichuan Silence and anyone else responsible for the cyberattacks are blocked and must be reported to the Treasury Department’s Office of Foreign Assets Control.

    Guan competed for Sichuan Silence in cybersecurity tournaments and posted zero-day exploits on forums, including some under his online handle GbigMao, the Treasury Department said. Sichuan Silence, based in Chengdu, is a cybersecurity government contractor whose core clients are Chinese intelligence services, Treasury said.

    Cybersecurity contests have grown more popular around the world, and Chinese Communist Party General Secretary Xi Jinping has directed that China be transformed into a “cyber powerhouse.” Some competitions are sponsored by government agencies, including China’s Ministry of Public Security.

    Experts told Newsweek that vulnerabilities discovered in these contests likely benefit Chinese security agencies. In testimony before the House Armed Services Committee on March 12, 2024, Gen. Gregory Guillot, commander of the North American Aerospace Defense Command and U.S. Northern Command, warned of China’s “world-class offensive cyber capabilities.”
