Today, Sophos has published an unprecedented industry report, called “Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats,” about a five-year-long battle with adversaries targeting perimeter devices, including Sophos firewalls. The overall report package covers how attackers can leverage any internet-facing perimeter device, and Sophos’ call to the entire cybersecurity ecosystem, including channel partners and Managed Security Partners (MSPs), to disrupt them.
Overview of Pacific Rim
In the research, we disclose how the attackers used a series of campaigns with novel exploits and customized malware to conduct surveillance, sabotage, and cyberespionage. Sophos also found overlapping tactics, tools, and procedures (TTPs) with well-known Chinese nation-state groups, including Volt Typhoon, APT31 and APT41. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries.
Throughout Pacific Rim, Sophos X-Ops, our cybersecurity operations and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives.
After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.
Upcoming Pacific Rim Reports and Insights to Inspire Change
As a part of this announcement, we’re publishing a series of articles to tell the story:
- Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
- Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
- From the Frontlines: Our CISO’s view of Pacific Rim
- Pacific Rim: What’s it to you?
- Digital Detritus: The engine of Pacific Rim and a call to the industry for action
- Pacific Rim: Learning to eat soup with a knife
- Hardening Guide: Sophos Firewall hardening best practices
Join the Live Ask Me Anything Webinar
Hear first-hand about Sophos’ research and how partners can help defend their customers from modern network device attacks with Sophos’ Ross McKerchar, CISO, and Daniel Cole, senior vice president of Network and Content Security. Special guest speaker Jack Cable, senior technical advisor from CISA, will discuss Secure by Design and how CISA’s initiative can further build resilience against cyberattacks by the People’s Republic of China.
Upcoming live sessions:
- Monday, 4 November, 2024
11:00am ET | 4:00pm GMT
- Thursday, 7 November, 2024
5:00pm ET
9:00am AEDT (on 8 November)
Register for the Webinar Sessions
Share the News with Your Customers and Prospects
Help spread the word and give your customers and prospects an opportunity to learn how perimeter devices at organizations of any size are susceptible to nation-state adversaries and how to defend against these persistent attackers.
- Share our social media posts:
  Access LinkedIn | Access X
- Send a co-brandable email:
  Access email template
Capture Your Leads
Please use the link below when pointing to the webinar registration and add your unique Partner Referral ID to make sure you capture all the links you create.
Use this link to share the event with tracking enabled:
https://events.sophos.com/series/de9923fc-5e85-462f-b650-aaab82a59d57/?cmp=701aJ000006OBWlQAO&id={partner referral ID}
If you need any help with co-branding or tracking, don’t hesitate to contact the Channel Service Center via csc@sophos.com.