In this episode of Fugitive Files, we dive into the shadowy digital underworld behind one of the most dangerous cyber campaigns ever directed at U.S. critical infrastructure. At the center of it all is Guan Tianfeng, a Chinese national accused of unleashing a global wave of cyberattacks that compromised more than 80,000 Sophos firewalls — the very devices meant to keep networks safe.

According to federal prosecutors, Guan conspired to develop and deploy sophisticated malware exploiting a zero-day vulnerability, CVE-2020-12271, granting him and his co-conspirators unprecedented access to sensitive systems worldwide. Working under the banner of Sichuan Silence Information Technology Co. Ltd., a company later sanctioned by the U.S. Treasury for its alleged ties to Chinese intelligence, Guan’s operation went far beyond simple data theft. Investigators say the group attempted to deploy Ragnarok ransomware, potentially threatening hospitals, energy providers, and government networks.

The Department of Justice has charged Guan with multiple counts of computer fraud, wire fraud, and conspiracy to commit offenses against the United States. The FBI has placed him among its most wanted cyber fugitives, and the U.S. State Department is offering up to $10 million for information leading to his arrest — a reflection of just how seriously Washington views his alleged crimes.

A zero-day exploit turned weapon, a company accused of fronting for foreign intelligence, and a hacker who vanished into the digital ether — this is the story of Guan Tianfeng.

This is Fugitive Files. Let’s get into it.