Sophos reveals 5-year battle with Chinese hackers attacking network devices

Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos.

Sophos believes that many of the zero-day vulnerabilities are developed by Chinese researchers who not only share them with vendors, but also the Chinese government and associated state-sponsored threat actors.

While many of these attacks put cybersecurity researchers on the defensive, Sophos also had the opportunity to go on the offensive, planting custom implants on devices that were known to be compromised.

These implants allowed Sophos to collect valuable data about the threat actors, including a UEFI bootkit that was observed being deployed to a networking device.

See more: https://www.bleepingcomputer.com/news/security/sophos-reveals-5-year-battle-with-chinese-hackers-attacking-network-devices/

#cybersecurity #sophos

NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices

The UK’s National Cyber Security Centre (NCSC) has published technical documentation of a sophisticated network backdoor being planted on hacked Sophos XG firewall devices and warned that the malware was designed for a broader range of Linux-based network devices.

The backdoor, called Pygmy Goat, uses multiple stealthy techniques to maintain persistence and avoid detection and is capable of disguising malicious traffic as legitimate SSH connections.

The backdoor also makes use of encrypted ICMP packets for covert communication and is clearly the work of a very skilled, professional hacking operator.

See more:
https://www.securityweek.com/ncsc-details-pygmy-goat-backdoor-planted-on-hacked-sophos-firewall-devices/

Original post:
nostr:nevent1qqspaz8g27364sch6ue7nfjwqmn4vy4dwcpk9r9wpmx3farkq8q8m2gppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpn7e6gx

#cybersecurity #sophos