NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices

The UK’s National Cyber Security Centre (NCSC) has published technical documentation of a sophisticated network backdoor being planted on hacked Sophos XG firewall devices and warned that the malware was designed for a broader range of Linux-based network devices.

The backdoor, called Pygmy Goat, uses multiple stealthy techniques to maintain persistence and avoid detection and is capable of disguising malicious traffic as legitimate SSH connections.

The backdoor also makes use of encrypted ICMP packets for covert communication and is clearly the work of a very skilled, professional hacking operator.

See more:
https://www.securityweek.com/ncsc-details-pygmy-goat-backdoor-planted-on-hacked-sophos-firewall-devices/

Original post:
nostr:nevent1qqspaz8g27364sch6ue7nfjwqmn4vy4dwcpk9r9wpmx3farkq8q8m2gppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpn7e6gx

#cybersecurity #sophos