[ad_1]
The United States has imposed sanctions on a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target US institutions.
The US Treasury Department said on Tuesday that Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to breach nearly 81,000 firewalls in April 2020. Detailed by Sophos in Novemberled to the breach of more than 23,000 firewalls in the United States, dozens of which were used by government agencies and critical infrastructure companies.
One of these companies was an energy company involved in drilling operations. The Treasury noted that the incident could have caused “significant loss of human life” had the attack been successful.
“The purpose of this exploit was to use compromised firewalls to steal data.” The closet said. “However, Guan also attempted to infect victims’ systems using the Ragnarok ransomware variant.”
[ad_2]