CyberSecurity updates
Updated: 2024-11-23 11:03:07 Pacific

eclypsium.com
Sophos Firewall Appliance Hacking Campaign - 17d

Sophos has identified a five-year campaign, dubbed “Pacific Rim”, by Chinese threat actors targeting network appliances, particularly Sophos firewalls. These attackers, including APT31, APT41/Winnti, and a third group, have employed a variety of tactics, among them botnets, zero-days, custom malware, firmware backdoors, and UEFI implants, in attempts to compromise these devices. The UEFI implants, while not entirely new, are particularly concerning because they give attackers a persistent foothold on the firewall that survives reboots and reimaging, potentially enabling them to gain control over the entire network. This campaign highlights the vulnerability of network appliances and the increasing sophistication of threat actors. Attackers are exploiting vulnerabilities, using zero-day exploits, and planting backdoors to reach sensitive data and establish a foothold in targeted organizations.

Andy Greenberg @ Wired
Sophos' Five-Year War Against Chinese Hackers - 22d

Security firm Sophos has been engaged in a five-year battle against a hacking group suspected of originating from Chengdu, China. Sophos discovered that the attackers had planted malware on its own devices, indicating a sophisticated level of intrusion and a desire to gain access to the company's technology and operations. This revelation provides insight into the methods and techniques being developed by Chinese hackers, showcasing their advanced capabilities and potential for further attacks. Sophos’ experience highlights the ongoing threat posed by Chinese cyber espionage and the need for heightened vigilance and stronger security measures.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.