The world of cyber security is a constant race between hackers and security companies. But a new scandal is rocking the industry: US authorities have targeted a Chinese cyber security company that is said to have caused millions of dollars in damage. 81,000 firewalls from Sophos, a renowned security company, were infiltrated. The perpetrators? Employees of a cyber security company from China. And the reward? Up to 10 million US dollars for information that brings the perpetrators to justice. But what is really behind this attack?

The background to the attack: How a mistake was exploited

It all started in 2020, when hackers discovered a vulnerability in Sophos firewalls. The zero-day vulnerability CVE-2020-12271 gave them the opportunity to access computers remotely and steal data. This flaw was particularly dangerous because it allowed the attackers to gain full administrator access and thus reach sensitive information. What was even more frightening was that the vulnerability could be exploited from the outside via SQL injection, a technique in which the attacker inserts their own database commands into input that the system passes on to its database unchecked. It was a perfect target for hackers.

The role of the Chinese cyber security company Sichuan Silence

The company behind the attack, Sichuan Silence, specialized in cyber attacks and espionage. Their aim was not only to steal information, but also to potentially cause damage. According to US authorities, the malware was designed not only to infiltrate Sophos firewalls, but also to infect computers on the network. This meant that valuable data was passed on to the attackers. Particularly alarming: a "dead man's switch" in the malware was intended to encrypt Windows systems that were accessible via the affected firewalls with ransomware. Fortunately, these attempts failed.

The extent of the threat and the authorities' response

Sophos reacted quickly to the attack. Within a few days, a patch was developed that closed the security gap and removed the malware. The US authorities also reacted immediately. They imposed sanctions on the company Sichuan Silence and offered a reward of up to 10 million US dollars for information that could lead to the identification of the perpetrators. This shows how seriously the threat of cybercrime is being taken, and how important it is to catch the perpetrators behind the attacks.

Cyber attacks - a global problem

The story of this attack shows once again how vulnerable the digital world is to manipulation and threats. What is striking, however, is how the US authorities deal with such incidents. The high reward for information may show how important it is to solve these crimes, but is that really enough? Is it enough to catch individual perpetrators, or do we need to do much more to prevent such attacks before they happen? Security is not a product that can be bought; it must be actively maintained. Even if cyber attacks are becoming increasingly sophisticated, we must not forget that prevention is the only truly effective protection.
