U.S. Takes Action in Response to Compromise of Firewall Products

The United States is imposing sanctions today on the Chengdu-based cybersecurity company Sichuan Silence Information Technology Company, Limited (Sichuan Silence), and one of its employees, Guan Tianfeng (Guan), for their roles in the compromise of tens of thousands of firewalls worldwide, including firewalls at U.S. critical infrastructure companies. Concurrently, the U.S. Department of State announced a Rewards for Justice reward offer of up to $10 million for information about Sichuan Silence or Guan. The Department of Justice also unsealed an indictment of Guan.

Guan's deployment of malware to U.S. critical infrastructure companies in April 2020 put American lives at risk. Guan also attempted to infect his victims' systems with ransomware.

Today's multi-agency effort reflects our whole-of-government approach to protecting and defending against PRC cyber threats to Americans and our critical systems. The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure and the American people from irresponsible and reckless cyber actors, including Chinese malicious cyber actors who continue to be one of the greatest and most persistent threats to U.S. national security.

The Department of the Treasury sanctions actions today were taken pursuant to Executive Order (E.O.) 13694, as amended. For more information, see Treasury's press release.