Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns

Nov. 1, 2024, 5:26 p.m.

Description

Sophos unveils a five-year investigation tracking China-based threat actors targeting perimeter devices, particularly Sophos firewalls. The report details multiple attack campaigns, including Asnarök, Bookmark Buffer Overflow, and Covert Channels, which exploited zero-day vulnerabilities to gain access and deploy various malware payloads. The attackers demonstrated sophisticated tactics, techniques, and procedures, including the use of rootkits, backdoors, and novel persistence mechanisms. The campaigns evolved from indiscriminate attacks to highly targeted operations against government agencies, critical infrastructure, and strategic industries, primarily in the Asia-Pacific region. Sophos' defensive efforts included rapid patching, threat hunting, and collaboration with international cybersecurity agencies and researchers.

Attack Patterns

  • Onderon
  • libsophos.so
  • Cloud Snooper
  • Asnarök
  • Moudoor
  • Mydoor
  • gh0st RAT - S0032
  • Sliver

Additional Information

  • Technology
  • Healthcare
  • Energy
  • Defense
  • Finance
  • Telecommunications
  • Government
  • British Indian Ocean Territory
  • India
  • China
  • Japan