Sophos Releases Pacific Rim – Lifting the Lid off a Vast Chinese Cyberespionage Operation

ResourcesPacific RimThreats & MalwareWebcast

Inside the counter-offensive – The TTPs used to neutralize China-based threats

Oct 31 2024 By

Today, Sophos has published an unprecedented industry report, called “Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats,” about a five-year long battle with adversaries targeting perimeter devices, including Sophos firewalls. The overall report package includes how attackers can leverage any internet-facing perimeter device and Sophos’ call to the entire cybersecurity ecosystem, including channel partners and Managed Security Partners (MSPs) to disrupt them

Overview of Pacific Rim

In the research, we disclose how the attackers used a series of campaigns with novel exploits and customized malware to conduct surveillance, sabotage, and cyberespionage. Sophos also found overlapping tactics, tools, and procedures (TTPs) with well-known Chinese nation-state groups, including Volt Typhoon, APT31 and APT41. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries.

Throughout Pacific Rim, Sophos X-Ops, our cybersecurity operations and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives.

After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.

Upcoming Pacific Rim Reports and Insights to Inspire Change

As a part of this announcement, we’re publishing a series of articles to tell the story:

Join the Live Ask Me Anything Webinar

Hear first-hand about Sophos’ research and how partners can help defend their customers from modern network device attacks with Sophos’ Ross McKerchar, CISO, and Daniel Cole, senior vice president of Network and Content Security. Special guest speaker Jack Cable, senior technical advisor from CISA, will discuss Secure by Design and how CISA’s initiative can further build resilience against cyberattacks by the People’s Republic of China

Upcoming live sessions:

  • Monday, 4 November, 2024
    11:00am ET | 4:00pm GMT
  • Thursday, 7 November, 2024
    5:00pm ET
    9:00am AEDT (on 8 November)

Register for the Webinar Sessions

Share the News with Your Customers and Prospects

Help spread the word and give your customers and prospects an opportunity to learn how perimeter devices at organizations of any size are susceptible to nation-state adversaries and how to defend against these persistent attackers.

Capture Your Leads

Please use the link below when pointing to the webinar registration and add your unique Partner Referral ID to make sure you capture all the links you create.

Use this link to share the event with tracking enabled:
https://events.sophos.com/series/de9923fc-5e85-462f-b650-aaab82a59d57/?cmp=701aJ000006OBWlQAO&id={partner referral ID}

If you need any help with co-branding or tracking, don’t hesitate to contact the Channel Service Center via csc@sophos.com.

About the Author

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.