
The person at the center of this case
Multiple companies and government entities
Start here
What specific vulnerability details in CVE-2020-12271 enabled the widespread compromise of edge devices?
Who are the members of the Advanced Persistent Threat group responsible for developing and deploying this malware?
Which companies and government entities were compromised, and what sensitive data was exfiltrated?
Beginning in April 2020, an Advanced Persistent Threat group deployed malware exploiting CVE-2020-12271 to compromise edge devices and networks at companies and government entities worldwide, exfiltrating sensitive data from firewalls. The identities of those responsible remain unknown despite ongoing investigation by the FBI. Public assistance is sought to identify the individuals behind this sophisticated cyber intrusion campaign.
Beyond the top three above — each detail below could be the thread that pulls this case open.
Has the threat group continued operations beyond April 2020, or has activity ceased?
Official wording
Cyber Intrusions into Companies and Government Entities
April 2020 to Present
The Federal Bureau of Investigation (FBI) is asking the public for assistance in an investigation involving the compromise of edge devices and computer networks belonging to companies and government entities.
As described by Sophos Ltd. in a recently released cyber security report, on April 22, 2020, an Advanced Persistent Threat group allegedly created and deployed malware exploiting the vulnerability CVE-2020-12271 as part of a widespread series of indiscriminate computer intrusions designed to exfiltrate sensitive data from firewalls worldwide. The FBI is seeking information regarding the identities of the individuals responsible for these cyber intrusions.
Advanced Persistent Threat group allegedly created and deployed malware exploiting vulnerability CVE-2020-12271 targeting edge devices and firewalls globally