Guan Tianfeng is wanted for his alleged role in conspiring to access Sophos firewalls without authorization, cause damage to them, and retrieve and exfiltrate data from both the firewalls themselves and the computers behind these firewalls.
The then-zero-day vulnerability in question is CVE-2020-12271 (CVSS score: 9.8), a severe SQL injection flaw that could be exploited by a malicious actor to achieve remote code execution on susceptible Sophos firewalls.
Guan has been accused of developing and testing a zero-day security vulnerability used to conduct the attacks against Sophos firewalls.
In April 2020, Sophos received a bug bounty report about the flaw from researchers associated with Sichuan Silence's Double Helix Research Institute; one day later, the flaw was exploited in real-world attacks.