Sophos laying it on the table
This is a good thing to bookmark and read
Sophos have released a report covering their five year research into Chinese groups attempting to hack their devices.
Sophos’ Pacific Rim: Defense Against Nation-state Hackers
Discover Sophos’ Pacific Rim defense against nation-state / Chinese hackers Volt Typhoon, APT31, and APT41 targeting critical infrastructure.
And fair play to Sophos for calling this out:
“Sophos says it’s telling that story now not just to share a glimpse of China’s pipeline of hacking research and development, but also to break the cybersecurity industry’s awkward silence around the larger issue of vulnerabilities in security appliances serving as entry points for hackers.”
And a good warning:
“Sophos’ report also warns, however, that in the most recent phase of its long-running conflict with the Chinese hackers, they appear more than ever before to be have shifted from finding new vulnerabilities in firewalls to exploiting outdated, years-old installations of its products that are no longer receiving updates”
Good coverage by Wired here:
Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices
Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China’s R&D pipeline of intrusion techniques.
