mastouille.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.


#firewalls


"Now one cybersecurity vendor is revealing how intensely—and for how long—it has battled with one group of hackers that have sought to exploit its products to their own advantage. For more than five years, the UK cybersecurity firm Sophos engaged in a cat-and-mouse game with one loosely connected team of adversaries who targeted its firewalls. The company went so far as to track down and monitor the specific devices on which the hackers were testing their intrusion techniques, surveil the hackers at work, and ultimately trace that focused, years-long exploitation effort to a single network of vulnerability researchers in Chengdu, China.

On Thursday, Sophos chronicled that half-decade-long war with those Chinese hackers in a report that details its escalating tit-for-tat. The company went as far as discreetly installing its own “implants” on the Chinese hackers' Sophos devices to monitor and preempt their attempts at exploiting its firewalls. Sophos researchers even eventually obtained from the hackers' test machines a specimen of “bootkit” malware designed to hide undetectably in the firewalls' low-level code used to boot up the devices, a trick that has never been seen in the wild."

wired.com/story/sophos-chengdu

For those who don't know (which is most of you), this project has been the intense focus of my work, taking up a huge amount of my time, energy, and investigative effort for the past 14 months - while still helping others at Sophos publish their research; running an election campaign where I was a candidate for school board; speaking at Blue Hat, Defcon, Saintcon, Virus Bulletin and other conferences; guest lecturing to classes at CU Boulder; volunteering my time canvassing for political candidates; serving as a docent at the Media Archaeology Lab; and starting up the Elect More Hackers organization.

Whew. It's actually kind of daunting just to read that. I also sometimes sleep and eat.

@SophosXOps has been, at its core, an institution that values radical transparency, and this story (and the earlier research investigations into the Operation Pacific Rim threat actors and incidents) demonstrates Sophos' commitment to truth and journalistic integrity, following a story wherever it leads.

I hope our publication today starts a larger conversation and collaboration within the cybersecurity industry - inside and outside the Cyber Threat Alliance, which Sophos actively supports and where I am proud to represent my employer - to work together to thwart the ambitions of nation-state threat actors such as the perpetrators of Operation Pacific Rim, in order to protect the privacy and safety of everyone, everywhere.

#PacificRim #OperationPacificRim #malware #china #hacking #hacks #infosec #firewalls #intrusiondetection

sophos.com/en-us/content/pacif

Sophos: Sophos' Pacific Rim: Defense Against Nation-state Hackers. Discover Sophos' Pacific Rim defense against nation-state / Chinese hackers Volt Typhoon, APT31, and APT41 targeting critical infrastructure.

For 5 years, Sophos has been engaged in defensive and counter-offensive operations against China-based #NationState adversaries targeting perimeter devices like #firewalls for surveillance and sabotage.

The attacks unfolded in two waves: the first aimed to build proxy networks, often used by Chinese groups to hide further operations. The second targeted critical infrastructure in South and Southeast Asia.

Sophos uncovered links to groups like Volt Typhoon, APT31, APT41, and Chinese educational institutions. Now, we’re sharing insights from our detailed "Pacific Rim" report to help others defend against these persistent attackers.

Sophos X-Ops is happy to collaborate with others and share additional detailed IOCs on a case-by-case basis.
Contact us via pacific_rim@sophos.com.

For the full story, please see our landing page: sophos.com/en-us/content/pacif


📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:

🔓 🇺🇸 U.S. nuclear research lab #databreach impacts 45,000 people
🇩🇪 #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
🔓 🏧 #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how
🔓 🇺🇸 Norton #Healthcare discloses data breach after May ransomware attack
🇷🇺 Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
👥 #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
🇻🇳 💻 #Microsoft seizes domains used to sell fraudulent #Outlook accounts
🇫🇷 💸 French police arrests Russian suspect linked to #Hive ransomware
🇨🇳 Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
🇺🇦 🇷🇺 Ukrainian military says it hacked #Russia's federal tax agency
🇨🇳 🚪 Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
🇺🇦 📡 #Ukraine’s largest mobile communications provider down after apparent #cyberattack
🇪🇸 Kelvin Security hacking group leader arrested in #Spain
🔻 👮🏻‍♂️ #ALPHV ransomware site outage rumored to be caused by law enforcement
📹 🕵🏻‍♂️ #UniFi devices broadcasted private video to other users’ accounts
🇷🇺 🇪🇺 Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
🇺🇸 Harry Coker confirmed to be the next National Cyber Director
🇪🇸 🇺🇸 Spain expels two US spies for infiltrating secret service
📝 #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
🩹 #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
🦠 🇵🇸 New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
🦠 🇮🇷 Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
🦠 🇩🇪 New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
🍪 #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
🐛 👨🏻‍💻 #Zoom Unveils Open Source Vulnerability Impact Scoring System
🩹 🧱 #Sophos backports RCE fix after attacks on unsupported #firewalls
🔓 🧱 Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
🩹 🍏 #Apple Ships iOS 17.2 With Urgent Security #Patches
🐛 Over 30% of #Log4J apps use a vulnerable version of the library

📚 This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s Infosec Newsletter · InfoSec MASHUP - Week 50/2023. By Xavier «X» Santolaria