Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released “Pacific Rim,” a report detailing its defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls.
The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well as overlapping tactics, tools, and procedures (TTPs) with well-known Chinese nation-state groups including Volt Typhoon, APT31, and APT41. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state securityapparatus, and central government ministries.
Throughout Pacific Rim, Sophos X-Ops, the company’s cybersecurity and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives. After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.
While Sophos released details starting in 2020 on the campaigns associated, including Cloud Snooper and Asnarök, the company is sharing the overall investigation analysis to raise awareness of the persistence of Chinese nation-state adversaries and their hyperfocus to compromise perimeter, unpatched, and end-of-life (EOL) devices, often via zero-day exploits they are creating for those devices.
Advice for Defenders
Organizations should expect all internet-facing devices are prime targets for nation-state adversaries, especially those devices in critical infrastructure. Sophos encourages organizations to take the following actions to strengthen their security posture.
● Minimize internet-facing services and devices when possible
● Prioritize patching with urgency for internet-facing devices and monitor these devices
● Enable hotfixes for edge devices to be allowed and applied automatically
● Collaborate with law enforcement, public-private partners, and government to share and act on
relevant IoCs
● Create a plan for how your organization deals with EOL devices
Total views: 228