According to the indictment, in 2020, Guan and his co-conspirators allegedly developed, tested, and deployed malware that exploited a zero-day vulnerability in roughly 81,000 Sophos firewalls worldwide, including firewalls inside organizations within the Northern District of Indiana.
This vulnerability, later identified as CVE-2020-12271, was used to compromise the targeted systems.
The malware was specifically designed to exfiltrate sensitive data from the firewalls. To obscure their operations, Guan and his co-conspirators reportedly registered and used domains that mimicked Sophos' official websites, such as sophosfirewallupdate[dot]com.