Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos
"For more than five years, Sophos has been investigating multiple China-based groups targeting Sophos firewalls, with botnets, novel exploits, and bespoke malware," Sophos explains in a report that outlines the activity.
https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/
"With assistance from other cybersecurity vendors, governments, and law enforcement agencies we have been able to, with varying levels of confidence, attribute specific clusters of observed activity to Volt Typhoon, APT31 and APT41/Winnti."
For those who are interested in the "Pacific Rim" research, you should start here.
/nosanitize
While many of these attacks put cybersecurity researchers on the defensive, Sophos also had the opportunity to go on the offensive, planting custom implants on devices that were known to be compromised.
"Hunting through telemetry, X-Ops analysts identified a device which X-Ops concluded, with high confidence, belonged to the Double Helix entity," explained Sophos.
/nosanitize
https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/?amp=1#_July_9,_2020
"After consulting with legal counsel, X-Ops deployed the targeted implant and observed the attacker using vim to write and run a simple Perl script."
"While of low value, the deployment served as a valuable demonstration of intelligence collection capability by providing near-real-time observability on attacker-controlled devices."