helvede.net is one of the many independent Mastodon servers you can use to participate in the fediverse.
#firewalls

"Now one cybersecurity vendor is revealing how intensely—and for how long—it has battled with one group of hackers that have sought to exploit its products to their own advantage. For more than five years, the UK cybersecurity firm Sophos engaged in a cat-and-mouse game with one loosely connected team of adversaries who targeted its firewalls. The company went so far as to track down and monitor the specific devices on which the hackers were testing their intrusion techniques, surveil the hackers at work, and ultimately trace that focused, years-long exploitation effort to a single network of vulnerability researchers in Chengdu, China.

On Thursday, Sophos chronicled that half-decade-long war with those Chinese hackers in a report that details its escalating tit-for-tat. The company went as far as discreetly installing its own “implants” on the Chinese hackers' Sophos devices to monitor and preempt their attempts at exploiting its firewalls. Sophos researchers even eventually obtained from the hackers' test machines a specimen of “bootkit” malware designed to hide undetectably in the firewalls' low-level code used to boot up the devices, a trick that has never been seen in the wild."

wired.com/story/sophos-chengdu

WIRED · Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices, by Andy Greenberg

For those who don't know (which is most of you), this project has been the intense focus of my work, taking up a huge amount of my time, energy, and investigative effort for the past 14 months - while still helping others at Sophos publish their research; running an election campaign where I was a candidate for school board; speaking at Blue Hat, Defcon, Saintcon, Virus Bulletin and other conferences; guest lecturing to classes at CU Boulder; volunteering my time canvassing for political candidates; serving as a docent at the Media Archaeology Lab; and starting up the Elect More Hackers organization.

Whew. It's actually kind of daunting just to read that. I also sometimes sleep and eat.

@SophosXOps has been, at its core, an institution that values radical transparency, and this story (and the earlier research investigations into the Operation Pacific Rim threat actors and incidents) demonstrates Sophos' commitment to truth and journalistic integrity, following a story wherever it leads.

I hope our publication today starts a larger conversation and collaboration within the cybersecurity industry - inside and outside the Cyber Threat Alliance, which Sophos actively supports and where I am proud to represent my employer - to work together to thwart the ambitions of nation-state threat actors such as the perpetrators of Operation Pacific Rim, in order to protect the privacy and safety of everyone, everywhere.

#PacificRim #OperationPacificRim #malware #china #hacking #hacks #infosec #firewalls #intrusiondetection

sophos.com/en-us/content/pacif

SOPHOS · Sophos' Pacific Rim: Defense Against Nation-state Hackers. Discover Sophos' Pacific Rim defense against nation-state / Chinese hackers Volt Typhoon, APT31, and APT41 targeting critical infrastructure.

For 5 years, Sophos has been engaged in defensive and counter-offensive operations against China-based #NationState adversaries targeting perimeter devices like #firewalls for surveillance and sabotage.

The attacks unfolded in two waves: the first aimed to build proxy networks, often used by Chinese groups to hide further operations. The second targeted critical infrastructure in South and Southeast Asia.

Sophos uncovered links to groups like Volt Typhoon, APT31, APT41, and Chinese educational institutions. Now, we’re sharing insights from our detailed "Pacific Rim" report to help others defend against these persistent attackers.

Sophos X-Ops is happy to collaborate with others and share additional detailed IOCs on a case-by-case basis.
Contact us via pacific_rim@sophos.com.

For the full story, please see our landing page: sophos.com/en-us/content/pacif

A recent kerfuffle over issues in a popular firewall out there makes me think it's time to point to an article I wrote about my favorite -

"A Few of My Favorite Things About The OpenBSD Packet Filter Tools" nxdomain.no/~peter/better_off_ (or with nicer formatting but trackers bsdly.blogspot.com/2022/09/a-f) #firewalls #pf #openbsd

nxdomain.no · That grumpy BSD guy: A Few of My Favorite Things About The OpenBSD Packet Filter Tools

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:

🔓 🇺🇸 U.S. nuclear research lab #databreach impacts 45,000 people
🇩🇪 #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
🔓 🏧 #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how
🔓 🇺🇸 Norton #Healthcare discloses data breach after May ransomware attack
🇷🇺 Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
👥 #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
🇻🇳 💻 #Microsoft seizes domains used to sell fraudulent #Outlook accounts
🇫🇷 💸 French police arrests Russian suspect linked to #Hive ransomware
🇨🇳 Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
🇺🇦 🇷🇺 Ukrainian military says it hacked #Russia's federal tax agency
🇨🇳 🚪 Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
🇺🇦 📡 #Ukraine’s largest mobile communications provider down after apparent #cyberattack
🇪🇸 Kelvin Security hacking group leader arrested in #Spain
🔻 👮🏻‍♂️ #ALPHV ransomware site outage rumored to be caused by law enforcement
📹 🕵🏻‍♂️ #UniFi devices broadcasted private video to other users’ accounts
🇷🇺 🇪🇺 Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
🇺🇸 Harry Coker confirmed to be the next National Cyber Director
🇪🇸 🇺🇸 Spain expels two US spies for infiltrating secret service
📝 #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
🩹 #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
🦠 🇵🇸 New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
🦠 🇮🇷 Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
🦠 🇩🇪 New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
🍪 #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
🐛 👨🏻‍💻 #Zoom Unveils Open Source Vulnerability Impact Scoring System
🩹 🧱 #Sophos backports RCE fix after attacks on unsupported #firewalls
🔓 🧱 Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
🩹 🍏 #Apple Ships iOS 17.2 With Urgent Security #Patches
🐛 Over 30% of #Log4J apps use a vulnerable version of the library

📚 This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s Infosec Newsletter · InfoSec MASHUP - Week 50/2023, by Xavier «X» Santolaria

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #38/2023 is out! It includes the following and much more:

🔓 ❌ TransUnion Denies #Breach After Hacker Publishes Allegedly Stolen Data
🔓 ⚖️ Hackers breached International Criminal Court’s systems last week
🔓 🤖 #Microsoft #AI researchers accidentally exposed terabytes of internal sensitive data
🦠 💸 #BlackCat #ransomware hits #Azure Storage with #Sphynx encryptor
🇮🇷 🇮🇱 Iranian Nation-State Actor OilRig Targets Israeli Organizations
🇮🇳 #India's biggest tech centers named as #cybercrime hotspots
🇫🇮 💊 Finnish Authorities Dismantle Notorious #PIILOPUOTI Dark Web Drug Marketplace
🇨🇦 🇷🇺 Canadian Government Targeted With #DDoS Attacks by Pro-#Russia Group
🇨🇳 🇺🇸 #China Accuses U.S. of Decade-Long #Cyberespionage Campaign Against #Huawei Servers
🇺🇸 🇨🇳 China's Malicious Cyber Activity Informing War Preparations, #Pentagon Says
🇨🇳 🦠 New #SprySOCKS Linux #malware used in cyber espionage attacks
🇬🇧 🔐 UK Minister Warns #Meta Over End-to-End Encryption
🇺🇸 🇷🇺 One of the #FBI’s most wanted hackers is trolling the U.S. government
🦠 🥸 Fake #WinRAR proof-of-concept exploit drops #VenomRAT malware
🦠 📈 #P2PInfect botnet activity surges 600x with stealthier malware variants
🦠 📡 Hackers backdoor #telecom providers with new HTTPSnoop malware
🦠 🐝 #Bumblebee malware returns in new attacks abusing #WebDAV folders
🔐 #GitHub launches #passkey support into general availability
☑️ 🐧 Free Download Manager releases script to check for #Linux malware
💬 🔐 #Signal adds quantum-resistant encryption to its #E2EE messaging protocol
🍏 🔐 #iOS 17 includes these new security and #privacy features
🩹 High-Severity Flaws Uncovered in #Atlassian Products and ISC BIND Server
🩹 😡 Incomplete disclosures by #Apple and #Google create “huge blindspot” for 0-day hunters
🍏 🩹 Apple emergency updates fix 3 new zero-days exploited in attacks
🩹 #TrendMicro fixes #endpoint protection zero-day used in attacks
🩹 #Fortinet Patches High-Severity #Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
🔓 Nearly 12,000 #Juniper #Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

📚 This week's recommended reading is: "Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It" by Marc Goodman

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s Infosec Newsletter · InfoSec MASHUP - Week 38/2023, by Xavier «X» Santolaria

Introduction

Redoing my #introduction as it was a bit of a sparse one when I joined.

I am a lifelong #technology enthusiast, having worked in Financial Services IT for more than 25 years, across multiple disciplines including:
* #Unisys #MCP-based #mainframe platforms (A17/A19/HMP NX 6800/Libra 180/Libra 6xx/Libra 890)
* #EMC #Symmetrix storage arrays (DMX 3/4 and most recently VMAX) including experience of #SRDF(S), SRDF(A), BCV
* #WindowsServer (2000 through 2019) including #ActiveDirectory
* Various #Linux/ #Unix OSes (#HPUX/ #RHEL/ #Centos/ #Ubuntu/ #Raspbian) including experience of #GFS/#GFS2 SAN storage clustering
* Virtual Tape Server technology (B&L/Crossroads/ETI Net SPHiNX, #TSM)
* Automation/Scripting (#PowerShell, #NT #Batch, #DOS, #Bash, #OPAL)
* #Security (#PrivilegedAccessManagement, #LeastPrivilege, #IAM, #Firewalls, #EDR)
* #BusinessContinuity/#DisasterRecovery (Design/Implementation/Operations)

I’m focused on learning and getting hands-on with #RaspberryPi at home and #cloud computing solutions both at work and at home.

I moved into a #SecurityEngineering role in 2020, so a lot of my focus is now more security focussed across all tech stacks.

My main focus at present when it comes to cloud is predominately #Microsoft #Azure, with Google and AWS of interest also, as well as other cloud infrastructure services such as those provided by CloudFlare, though I’m planning a move away from them due to their moral/ethical choices.

Away from work and tech, I love to #travel the world with my wife and enjoy very amateur #photography to record our adventures.

I also love most genres of #music, live in concert when I can, with a particular love of #Rock/ #Metal and also #Trance (coincidentally, given the profession of a somewhat more well known namesake of mine!).

Signing up for a new social network reminds me how #antisocial I am!

#introduction time:

I'm a #parent, all-around #geek, & serial #hobbyist: #photography, #woodworking, #3dprinting, #sewing, #vinylcutting, & more

Currently tinkering with #opensource #flashlights (Anduril)

I've worked w/ #networking & #firewalls for 20 years and currently work at #netgate on the #opensource firewall #pfSense (#development plus #documentation in #sphinx)

See my profile for even more hobbies and interests

#introduction

I’ve been working in the #InfoSec world for the last 25 years focused primarily on network security (#firewalls, vpns, ids/idp) both as a practitioner and at a few vendors. I am currently working at a vendor helping our customers solve their business challenges with our products.

Outside of my work, I’m a husband to an amazing woman and dad to an incredible #neurodivergent teenage boy who loves gaming. I enjoy #running and #cycling as well as playing #guitar and #cooking.

I’ve been a bit hesitant to join an InfoSec focused Mastodon instance because I rarely posted about InfoSec on the Birdsite, but I’m interested to give it a shot and see if it’s a good fit for me. I currently have a handle on a more general instance that I may migrate here depending on how things go.

I am also in #recovery and recently celebrated seven years sober. I am keenly interested in connecting with others in the technology and InfoSec world who are also in recovery.