“After we successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. We uncovered a vast adversarial ecosystem.” - Sophos
Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released “Pacific Rim,” a report detailing its defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well as overlapping tactics, tools and procedures (TTPs) with well-known Chinese nation-state groups including Volt Typhoon, APT31 and APT41. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries.
Throughout Pacific Rim, Sophos X-Ops, the company’s cybersecurity and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives. After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.