Sophos Releases Pacific Rim – Lifting the Lid off a Vast Chinese Cyberespionage Operation

Inside the counter-offensive – The TTPs used to neutralize China-based threats

Today, Sophos has published an unprecedented industry report, called “Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats,” about a five-year-long battle with adversaries targeting perimeter devices, including Sophos firewalls. The overall report package covers how attackers can leverage any internet-facing perimeter device, as well as Sophos’ call to the entire cybersecurity ecosystem, including channel partners and Managed Security Partners (MSPs), to disrupt them.

Overview of Pacific Rim

In the research, we disclose how the attackers used a series of campaigns with novel exploits and customized malware to conduct surveillance, sabotage, and cyberespionage. Sophos also found overlapping tactics, tools, and procedures (TTPs) with well-known Chinese nation-state groups, including Volt Typhoon, APT31 and APT41. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries.

Throughout Pacific Rim, Sophos X-Ops, our cybersecurity operations and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives.

After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.

Upcoming Pacific Rim Reports and Insights to Inspire Change

As a part of this announcement, we’re publishing a series of articles to tell the story:

Join the Live Ask Me Anything Webinar

Hear first-hand from Sophos’ Ross McKerchar, CISO, and Daniel Cole, senior vice president of Network and Content Security, about Sophos’ research and how partners can help defend their customers from modern network device attacks. Special guest speaker Jack Cable, senior technical advisor from CISA, will discuss Secure by Design and how CISA’s initiative can further build resilience against cyberattacks by the People’s Republic of China.

Upcoming live sessions:

  • Monday, 4 November, 2024
    11:00am ET | 4:00pm GMT
  • Thursday, 7 November, 2024
    5:00pm ET
    9:00am AEDT (on 8 November)

Register for the Webinar Sessions

Share the News with Your Customers and Prospects

Help spread the word and give your customers and prospects an opportunity to learn how perimeter devices at organizations of any size are susceptible to nation-state adversaries and how to defend against these persistent attackers.

Capture Your Leads

Please use the link below when pointing to the webinar registration and add your unique Partner Referral ID to make sure you capture all the links you create.

Use this link to share the event with tracking enabled:
https://events.sophos.com/series/de9923fc-5e85-462f-b650-aaab82a59d57/?cmp=701aJ000006OBWlQAO&id={partner referral ID}

If you need any help with co-branding or tracking, don’t hesitate to contact the Channel Service Center via csc@sophos.com.