The person at the center of this case
Sophos firewall systems and their users (approximately 81,000 compromised firewalls)
Cold Case ยท Open
48 days waiting
GUAN TIANFENG
Justice for Sophos firewall systems and their users (approximately 81,000 compromised firewalls) โ the trail went cold in 2026, but the truth hasn't.
Start here
Key leads to think about
๐ฏ
suspect
Lead #1What is Guan Tianfeng's current location and is he still actively involved in cybercriminal activities?
๐
evidence
Lead #2What specific zero-day vulnerability was developed and are there technical indicators that could help identify related attacks?
๐
contact
Lead #3What connections exist between Guan Tianfeng and other individuals or groups involved in the conspiracy?
Guan Tianfeng is wanted by the FBI for allegedly developing and testing a zero-day vulnerability used to compromise approximately 81,000 Sophos firewalls without authorization, enabling data theft from both the firewalls and connected networks. His role in the conspiracy was to create the exploit that allowed unauthorized access and exfiltration of sensitive information. He is believed to be residing in Sichuan Province, China, with possible connections to Bangkok, Thailand, and remains at large.
Case
#913
United States District Court, Northern District of Indiana, Hammond Division; Federal Bureau of Investigation (FBI)
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above โ each detail below could be the thread that pulls this case open.
๐
location
Lead #4Why does Guan Tianfeng have ties to Bangkok, Thailand, and does this indicate a broader operational network?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Computer Fraud; Conspiracy to Commit Wire Fraud Caution: Guan Tianfeng is wanted for his alleged role in conspiring to access Sophos firewalls without authorization, cause damage to them, and retrieve and exfiltrate data from both the firewalls themselves and the computers behind these firewalls. The exploit was used to infiltrate approximately 81,000 firewalls.
It is alleged that Guan Tianfeng's role in the conspiracy was to develop and test the zero-day vulnerability used to conduct the attack. A federal arrest warrant was issued for Guan Tianfeng in the United States District Court, Northern District of Indiana, Hammond Division, after he was charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud.
Remarks: It is believed that Guan Tianfeng is currently residing in Sichuan Province, China. He also has ties to or may visit Bangkok, Thailand.
Timeline of Events
๐
Unknown
Zero-day vulnerability development
Guan Tianfeng allegedly developed and tested the zero-day vulnerability exploited against Sophos firewalls
๐ต๏ธ
Unknown
Firewall compromise discovery
Approximately 81,000 Sophos firewalls were infiltrated using the developed exploit to access and exfiltrate data
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:Invalid Date
Last Updated:April 29, 2026
Up to $10 Reward
For information leading to the resolution of this case
Leave a comment
Comments
Case Information
Incident:Invalid Date
Last Updated:April 29, 2026
Up to $10 Reward
For information leading to the resolution of this case