The coordinated actions by the Treasury Department’s Office of Foreign Assets Control (OFAC), the Department of Justice (DoJ), and the FBI highlight the national security risks posed by the attacks, which endangered human lives.
A recently unsealed indictment from an Indiana federal court charges 30-year-old Guan with conspiracy to commit computer and wire fraud. Guan, employed by Sichuan Silence—a contractor for Chinese intelligence—allegedly exploited a zero-day vulnerability in Sophos firewall products, targeting systems worldwide, including one used by a US government agency.
Using the Ragnarok ransomware variant, the hackers would further disable their victims’ anti-virus software, encrypt their systems, and demand payment if victims attempted to remediate the breach.
The DoJ said Sophos discovered the intrusion and remediated its customers’ firewalls within approximately two days, prompting the co-conspirators to modify their malware to deploy the ransomware, an attempt that Sophos ultimately thwarted as well.
According to authorities, the Chengdu-based firm has long served as a third-party contractor for the People’s Republic of China (PRC) intelligence wing, supplying tools and expertise for cyber exploitation.