The person at the center of this case
Sophos firewall users and affected computer networks
Cold Case ยท Open
58 days waiting
GUAN TIANFENG
Justice for Sophos firewall users and affected computer networks โ the trail went cold in 2026, but the truth hasn't.
Start here
Key leads to think about
๐
evidence
Lead #1What specific zero-day vulnerability was developed and how was it tested before deployment?
๐ฏ
suspect
Lead #2What is Guan Tianfeng's current location and how can he be located in Sichuan Province or Bangkok?
๐ก
clue
Lead #3Who else was involved in the conspiracy to commit computer fraud and wire fraud?
Guan Tianfeng is wanted by the FBI for allegedly developing and testing a zero-day vulnerability used to compromise approximately 81,000 Sophos firewalls without authorization. The conspiracy involved accessing firewalls, damaging them, and exfiltrating sensitive data from both the devices and connected networks. He is believed to be residing in Sichuan Province, China, with possible ties to Bangkok, Thailand.
Case
#913
United States District Court, Northern District of Indiana, Hammond Division; FBI
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above โ each detail below could be the thread that pulls this case open.
๐
evidence
Lead #4What data was exfiltrated from the 81,000 compromised firewalls and affected networks?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Computer Fraud; Conspiracy to Commit Wire Fraud Caution: Guan Tianfeng is wanted for his alleged role in conspiring to access Sophos firewalls without authorization, cause damage to them, and retrieve and exfiltrate data from both the firewalls themselves and the computers behind these firewalls. The exploit was used to infiltrate approximately 81,000 firewalls.
It is alleged that Guan Tianfeng's role in the conspiracy was to develop and test the zero-day vulnerability used to conduct the attack. A federal arrest warrant was issued for Guan Tianfeng in the United States District Court, Northern District of Indiana, Hammond Division, after he was charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud.
Remarks: It is believed that Guan Tianfeng is currently residing in Sichuan Province, China. He also has ties to or may visit Bangkok, Thailand.
Timeline of Events
๐
Unknown
Zero-day vulnerability development
Guan Tianfeng allegedly developed and tested a zero-day exploit targeting Sophos firewalls
๐ต๏ธ
Unknown
Firewall compromise discovered
Approximately 81,000 Sophos firewalls were infiltrated using the developed vulnerability
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:Invalid Date
Last Updated:May 12, 2026
Up to $10 Reward
For information leading to the resolution of this case
Leave a comment
Comments
Case Information
Incident:Invalid Date
Last Updated:May 12, 2026
Up to $10 Reward
For information leading to the resolution of this case