CyberSecurity updates
Updated: 2024-11-23 10:32:02 Pacfic

eclypsium.com
Sophos Firewall Appliance Hacking Campaign - 17d
Read more: eclypsium.com

Sophos has identified a five-year campaign, dubbed “Pacific Rim”, by Chinese threat actors targeting network appliances, particularly Sophos firewalls. These attackers, including APT31, APT41/Winnti, and a third group, have employed a variety of tactics, including botnets, zero-days, custom malware, firmware backdoors, and UEFI implants, in attempts to compromise these devices. The UEFI implants, while not entirely new, are particularly concerning as they provide attackers with a persistent foothold on the firewall, potentially enabling them to gain control over the entire network. This campaign highlights the vulnerability of network appliances and the increasing sophistication of threat actors. Attackers are exploiting vulnerabilities, utilizing zero-day exploits, and implementing backdoors to gain access to sensitive data and gain a foothold in targeted organizations.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.