FlagThis

Sophos has identified a five-year campaign, dubbed “Pacific Rim”, by Chinese threat actors targeting network appliances, particularly Sophos firewalls. These attackers, including APT31, APT41/Winnti, and a third group, have employed a variety of tactics, including botnets, zero-days, custom malware, firmware backdoors, and UEFI implants, in attempts to compromise these devices. The UEFI implants, while not entirely new, are particularly concerning as they provide attackers with a persistent foothold on the firewall, potentially enabling them to gain control over the entire network. This campaign highlights the vulnerability of network appliances and the increasing sophistication of threat actors. Attackers are exploiting vulnerabilities, utilizing zero-day exploits, and implementing backdoors to gain access to sensitive data and gain a foothold in targeted organizations.

References:

• Malware Analysis, News and Indicators - This article details the "Pacific Rim" hacking campaign and how Sophos firewalls have been targeted by various Chinese threat actors over a five-year period. - 17d
• Security Boulevard - This blog post delves into the Sophos report on the "Pacific Rim" campaign and the tactics employed by the Chinese threat actors. - 17d
• eclypsium.com - This blog post explores the "Pacific Rim" campaign and the targeting of network appliances. - 17d
• Sophos News - This Sophos blog post explains the "Pacific Rim" campaign and its implications for security. - 17d

Classification:

• HashTags: Cybersecurity ThreatIntelligence NationStateHacking
• Company: Sophos
• Target: Sophos Firewalls
• Attacker: APT31 APT41/Winnti
• Product: Firewall
• Feature: UEFI
• Type: Hack
• Severity: Major