Update 12/10/2024: On December 10, 2024, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Sichuan Silence Information Technology company, and one of its employees, Guan Tianfeng, for involvement in compromise of firewall products and attempted ransomware attacks; the US Department of Justice unsealed an indictment on Guan; and the State Department announced a Rewards for Justice reward of up to $10 million for information on Guan, Sichuan Silence, associated individuals or entities, or their malicious cyber activity .

For five long years, Sophos, a United Kingdom (UK)-based information security company, battled Chinese nation-state threat actors who lobbed “botnets, novel exploits, and bespoke malware” against the company’s firewalls and other perimeter devices. Sophos described this battle in its October 2024 “Pacific Rim” report series. Many in the industry applauded Sophos for “being so forthcoming about attacks targeting their own products.” Ot…