Sichuan Silence Information Technology and Guan Tianfeng: Your Criminal Our Hero
Even before DeepSeek's debut sparked pride among Chinese netizens, US sanctions on Sichuan Silence developer Guan Tianfeng triggered online vows to "march forward" in cyberpower competition
The release of the DeepSeek AI chatbot in January 2025, shaking up stock markets and the American tech sector, set off an explosion of glee in Chinese social media. Chinese netizens portrayed the event as “the tipping point for the global technological rivalry with the United States and the ‘darkest hour’ in Silicon Valley,” according to the New York Times.
The previous month, Chinese social media users had expressed similar enthusiasm about the Chinese cybersecurity company Sichuan Silence Information Technology Company (Sichuan Silence), and one of its employees, Guan Tianfeng (关天烽), after the United States took action against that company. Less than a week after the Natto Team published the post “Sichuan Silence Information Technology: Great Sounds are Often Inaudible,” on December 10, 2024 the US Department of the Treasury sanctioned Sichuan Silence and its employee Guan Tianfeng for compromising tens of thousands of firewalls worldwide in April 2020. Also on December 10, the US Department of Justice (US DoJ) unsealed an indictment on Guan, alleging that Guan developed and tested the zero-day vulnerability used to conduct the attack on Sophos firewalls, and the State Department announced a Rewards for Justice (RFJ) reward of up to US$10 million for information on Guan, Sichuan Silence, associated individuals or entities, or their malicious cyber activity. An FBI wanted poster on Guan Tianfeng, in both English and Chinese, featuring five pictures of Guan, is available as well.
Chinese media – mostly non-state official media, widely reported the news about Sichuan Silence and Guan Tianfeng. Many search prompts showed that Chinese netizens wanted to know who Guan Tianfeng is. Social media comments praised Guan as a “Chinese Honker” (referring to a “red hacker,” i.e. patriotic hacker), a “rarely seen genius Chinese hacker”, and a “hero” of the country. The media reporting and comments on the news have portrayed him in a positive light. For example, comments stated that the $10 million US dollar reward for Guan is a recognition of Guan’s talent and China’s cyber security capability. As the news unfolds, more scrutiny around Sichuan Silence and Guan have surfaced as well as questions and puzzles.
Did Sichuan Silence Halt its operations around 2020 or 2021?
The Natto Team’s previous piece about Sichuan Silence reported that the company, formerly very public, had gone quiet since 2020. We noticed Sichuan Silence’s website appeared to have fallen into disuse around April 2020. The last news update on the site was on April 7th, 2020 with an article that promoted the company’s cyber range service – an “attack and defense drill platform” (攻防演练平台). That was the month that Sophos’ Pacific Rim report identified a Sichuan Silence device used in an attack. The indictment of Guan from the US DoJ alleged that in April 2020, Guan and his conspirators deployed a zero-day exploit, which they had developed and tested, against approximately 81,000 Sophos firewall products. Since 2020, Chinese media also contains almost no public references to Sichuan Silence or to its founder, Huang Yong.
In our previous Sichuan Silence post, the Natto Team detailed how Sichuan Silence appears to have fallen into crisis in 2020. In the leaked i-SOON documents, i-SOON executives discussed Sichuan Silence’s debt in September 2020, despite the fact that the pay of Sichuan Silence employees seemed higher than that of i-SOON personnel. In August 2020 Sichuan Silence employees reported to a Sichuan provincial government agency that their company had not paid them for more than three months and had fallen behind on their social credit insurance and provident fund payments. Since then, the court has issued debt judgments 152 times against Sichuan Silence, ordering it to pay debts of close to 70 million Chinese renminbi (equivalent to about US$9.7 million at current exchange rates). Company founder and former CEO Huang Yong was stripped of his holdings on June 6, 2023. As of January 2025, the company has nine owners: five companies and four individuals. On December 25 2024 an unknown person had filed a request to a court seeking bankruptcy for the company. It would appear that companies like Sichuan Silence are very vulnerable and receive little protection from the government even after carrying out contracts such as the alleged operation targeting Sophos firewalls.
Despite all these signs of crisis, however, as of January 2025 Chinese business registration data shows the company as still in operation, with several Sichuan-region government clients such as the provincial government office and China Telecom’s Sichuan branch. What is going on?
Interestingly, right after the news about the US’s sanction and indictment on Sichuan Silence and Guan Tianfeng on December 10, company founder and former CEO Huang Yong posted a poem in a five-character classical poetry style on Weixin (Chinese mainland version of social media platform WeChat). The poem said the company “has been in ‘lockout’ for four years when rage from outside is evident.” Huang used the Chinese phrase 停摆 (tíng bǎi), which has the meaning of “lockout”, “stop,” or “standstill,” “pause,” or “halt.” But the phrase does not have a clear meaning of whether the company was out of business. Huang’s statement that the company has been in lockout for four years suggests that this pause began around 2020 or 2021. This aligns with the Natto Team’s previous analysis that the company had gone quiet since 2020. Enthusiastic Chinese social media commentators also discovered that the number of employees according to Sichuan Silence employee social insurance registration had gone to zero by 2021 (see screenshot below). This means that legally the company had no employees since then, unless employees work without labor contracts which are required by China’s Labor Contract Law.
Did Sichuan Silence halt its operation around 2020 or 2021? Or did it shift to classified work? In 2021, although the company registered itself as having zero employees, Meta (formerly Facebook) identified Sichuan Silence as being involved in a Chinese influence operation. Meta discovered Sichuan Silence employees as having “technical links” to fake accounts used in a July 2021 Chinese influence operation abusing the Facebook platform. The Natto Team also discovered that in November 2023 Sichuan Silence advertised in a hiring website for six positions, including software security researcher for Android devices, web security software testing engineer, data mining engineer and software engineer. The hiring ads suggest that the company remained active.
Did Guan Tianfeng, the Genius Patriotic Hacker, Not Get Paid Properly after His Heroic Hack?
As a Chinese saying goes: no coincidence, no story (无巧不成书). As Sichuan Silence went through its apparent economic crisis, Guan Tianfeng, the $10 million dollar wanted hacker and employee of Sichuan Silence, seems to have been one of the employees who did not get compensated properly. Guan took the company to court. After the US government’s exposure of Sichuan Silence on December 10, 2024, Chinese social media commentators have discovered a year-old court record from China Judgements Online, a government court case archive platform, about Guan’s case (see screenshot below). On July 16, 2020, Guan Tianfeng sued Sichuan Silence in a labor dispute case. After about three weeks, on August 7, Guan filed an application to withdraw the case. Although the court document didn’t disclose case details, a labor dispute case is often related to wages, bonuses, benefits or other conditions of work. As mentioned above, in August 2020, which was the month that Guan withdrew his labor dispute case, employees of Sichuan Silence reported to a Sichuan provincial government agency that they had gone three months without pay. Apparently, Guan was not the only one who had the labor dispute with Sichuan Silence. It is possible the company negotiated a deal with Guan, so Guan withdrew the court case. Looking back now, it seems Guan had not received a proper reward for his “outstanding” job in the April 2020 Sophos firewall hack. Several Chinese social media commentators speculated that Guan likely didn’t even get paid on time or didn’t get the bonus that he was promised, as a labor dispute often has these kinds of disagreement. One of the Chinese online comments expressed anger that Guan was treated unfairly despite what he had done for “the country.” The commentator wrote, “now Guan would rather turn himself in for the $10 million US dollar reward.”
Are the US Sanctions and Indictments Incentives for Chinese hackers to “March Forward”?
The overwhelming Chinese media reporting and social media posts about Sichuan Silence and Guan Tianfeng centered around the “sky-high bounty” of $10 million US dollars on Guan. In fact, this was the second time that the US Department of State’s Rewards for Justice (RFJ) program offered such a reward related to Chinese malicious cyber activity. On March 25, 2024, the RFJ program offered up to US$10 million for information on seven APT31- affiliated actors. In contrast, this time Guan alone merited the $10 million dollar reward. Many comments in the Chinese Internet sphere on this high reward are full of nationalistic sentiments, stating that “this represents China’s solid cyber security capability.” One commentator wrote:
“In the escalating competition in cyberspace in recent years, China and the United States have been in constant battle … Guan Tianfeng’s actions have demonstrated China’s ability to fight back and technological innovation in the field of cybersecurity. … Now, the U.S. has put a $10 million bounty on Guan Tianfeng, but that won't sway our support for him. Sichuan Silence Information Technology Company, where he worked, has also been put on the sanctions list, but this will only incentivize the development of our own cyber technology. In the battle of technology and ideology, China's cybersecurity talent is the real king.”
Another comment asserted that the case of Sichuan Silence and Guan means the escalation of cyber warfare and great power competition: “The U.S. offering a reward of ten million dollars for Guan Tianfeng's capture is not only a recognition of his personal ability, but also a major declaration of cyber warfare between China and the U.S.”
Many comments urged protection for Guan Tianfeng and suggested that he be offered a state job. One person recommended Guan work for Sichuan Discovery Dream Science and Technology Corp (观想科技), a Chengdu-based military industrial technology company, through the company’s investor interaction platform, so Guan could contribute to the national defense. The company answered with “Salute to China’s science and technology talent.”
Lastly, the founder and ex-CEO of Sichuan Silence, Huang Yong, expressed his thoughts with a Weixin post referring to the US sanctions and “Wanted” reward. Huang wrote another poem with pictures of Sichuan Silence’s logo (see screenshot below), lamenting the company’s current plight, celebrating its achievements and expressing confidence that it was “marching forward.” The poem read:
To everyone who has worked with us To every customer in the past Because of the trust, (we) become colleagues Because it is worthwhile, (we) choose Because of love, so no hesitation Because of passion, no matter what the cost The storm will always pass Value will be reconstructed We will make up for what we owe No matter when, no matter where, no matter where from, no matter where to Always worried about (you) Marching, marching, marching Wish you all the best for the future After the storm, there will be a rainbow”
Certainly, Huang’s confidence of looking forward to a “rainbow” after the storm is not just a cliché. The cheers for Sichuan Silence and Guan might have been very comforting for him. On the other hand, by publicly calling out this Chinese company and individual, in an effort to hold them accountable, the US government appears to have created an incentive for Chinese patriotic hackers to “march forward.” As Christopher Painter, a veteran federal prosecutor of cyber cases and former State Department official, asked about the efficacy of publicly calling out a company in the Salt Typhoon case, Mr. Painter told the Washington Post: “This has always been a challenge: Do you take the subject down or call them out? Or when is the best moment to take them down?” Yes, we face the challenge again.