The United States has imposed sanctions on the Chengdu-based cybersecurity company Sichuan Silence Information Technology Company, Limited (Sichuan Silence) and its employee Guan Tianfeng for their involvement in compromising tens of thousands of firewalls worldwide, including those safeguarding critical U.S. infrastructure.
Key Actions Taken:
- Sanctions Imposed:
- The U.S. Department of the Treasury announced sanctions under Executive Order 13694, targeting Sichuan Silence and Guan Tianfeng.
- Reward for Justice:
- The U.S. Department of State has offered up to $10 million for information about Sichuan Silence or Guan Tianfeng.
- Criminal Indictment:
- The U.S. Department of Justice unsealed an indictment against Guan, accusing him of deploying malware and attempting to infect systems with ransomware at U.S. critical infrastructure companies in April 2020.
Threat to National Security:
Guan’s malicious actions jeopardized the safety of American citizens by targeting critical infrastructure systems essential to public security. The attacks highlight the persistent threat posed by PRC-based malicious cyber actors, which U.S. agencies continue to address through coordinated actions.
Whole-of-Government Approach:
This multi-agency effort underscores the U.S. government’s commitment to defending against cyber threats, including:
- Sanctions enforcement to disrupt malicious actors.
- Reward offers to encourage public assistance in gathering intelligence.
- Legal action to hold individuals accountable for cybercrimes.
Ongoing Commitment:
The United States remains steadfast in leveraging all available tools to protect critical systems, infrastructure, and the American people from cyber threats originating from China and other state or non-state actors.