On December 10, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control designated Sichuan Silence Information Technology Company, Limited, a cybersecurity company based in the People’s Republic of China (“PRC”), and Guan Tianfeng, one of its employees, for efforts to compromise tens of thousands of firewalls around the world, including more than 23,000 U.S.-based critical infrastructure companies, in April 2020. OFAC reported that Guan deployed malware to approximately 81,000 firewalls belonging to thousands of businesses worldwide in an attempt to steal data, including usernames and passwords, after Guan discovered a zero-day exploit in an unnamed firewall product. According to OFAC, the cyberattack could have resulted in serious injury and the loss of human life if the cyberattack had not been identified and quickly remedied by certain critical infrastructure companies.
OFAC designated Sichuan Silence and Guan pursuant to Executive Order 13694, as amended, for engaging in cyber-enabled activities originating outside of the United States that threaten the national security, foreign policy or the economic health and stability of the United States. As a result of these designations, all property and interests in property of the designated persons within the United States or within the possession or control of a U.S. person are blocked, and U.S. persons are generally prohibited from engaging in transactions involving a designated person. Entities owned 50 percent or more by one or more blocked persons are also blocked.
On the same day, the U.S. Department of Justice announced that federal prosecutors in Indiana unsealed an indictment charging Guan, a PRC citizen, and his co-conspirators who worked for Sichuan Silence for their participation in a conspiracy to hack firewall devices around the world in 2020. The U.S. Department of State also announced that Rewards for Justice offered a reward of up to $10 million for any information that might lead to the identification or location of Guan or the conspirators involved in the 2020 cyberattacks.
U.S. Department of Treasury Press Release | DOJ Press Release | Rewards for Justice reward