US Sanctions Chinese Cybersecurity Firm for Ransomware Attack
The U.S. has sanctioned Sichuan Silence, a Chinese cybersecurity firm involved in ransomware attacks targeting critical infrastructure in 2020. One of its employees, Guan Tianfeng, has also been charged individually. Guan, a security researcher, discovered a zero-day vulnerability in a firewall product developed by U.K.-based security firm Sophos. He exploited the vulnerability, designated CVE-2020-12271, using a SQL injection attack that retrieved and remotely executed a script from a malicious server. Guan and his co-conspirators had registered legitimate server domains, such as sophosfirewallupdate.com. This script, part of the malicious Asnarök Trojan toolkit, was initially designed to steal data such as usernames and passwords from the firewalls and the computers behind them and send them to a Chinese IP address. If the victim attempted to reboot their device, Ragnarok ransomware would automatically install, disabling antivirus software and encrypting every Windows device on the network. However, within two days of the attack, Sophos deployed a patch to impacted firewalls that did not require a reboot and removed all malicious scripts. Guan then modified the malware to install ransomware …
