{"id":8483,"date":"2024-10-31T14:13:43","date_gmt":"2024-10-31T13:13:43","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=8483"},"modified":"2024-10-31T14:13:43","modified_gmt":"2024-10-31T13:13:43","slug":"sophos-releases-pacific-rim-lifting-the-lid-off-a-vast-chinese-cyberespionage-operation","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2024\/10\/resources\/sophos-releases-pacific-rim-lifting-the-lid-off-a-vast-chinese-cyberespionage-operation\/","title":{"rendered":"Sophos Releases Pacific Rim \u2013 Lifting the Lid off a Vast Chinese Cyberespionage Operation"},"content":{"rendered":"<p>Today, Sophos has published an unprecedented industry report, called \u201c<span data-contrast=\"auto\">Pacific Rim: Inside the Counter-Offensive\u2014The TTPs Used to Neutralize China-Based Threats,<\/span><span data-contrast=\"none\">\u201d about a five-year-long battle with adversaries targeting perimeter devices, including Sophos firewalls. The overall report package includes how attackers can leverage any internet-facing perimeter device and Sophos\u2019 call to the entire cybersecurity ecosystem, including channel partners and Managed Security Partners (MSPs), to disrupt them.<\/span><\/p>\n<h2>Overview of Pacific Rim<\/h2>\n<p><span data-contrast=\"auto\">In the research, we disclose how the attackers used a series of campaigns with novel exploits and customized malware to conduct surveillance, sabotage, and cyberespionage. Sophos also found overlapping tactics, tools, and procedures (TTPs) with well-known Chinese nation-state groups, including Volt Typhoon, APT31 and APT41. 
The adversaries targeted both small and<\/span> <span data-contrast=\"auto\">large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital\u2019s airport, a military hospital, state security apparatus, and central government ministries.<\/span><\/p>\n<p>Throughout Pacific Rim, Sophos X-Ops, our cybersecurity operations and threat intelligence unit, worked to neutralize the adversaries\u2019 moves and continuously evolved defenses and counter-offensives.<\/p>\n<p>After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.<\/p>\n<h2>Upcoming Pacific Rim Reports and Insights to Inspire Change<\/h2>\n<p>As a part of this announcement, we\u2019re publishing a series of articles to tell the <a href=\"https:\/\/www.sophos.com\/en-us\/content\/pacific-rim\" target=\"_blank\" rel=\"noopener\">story<\/a>:<\/p>\n<ul>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/31\/pacific-rim-neutralizing-china-based-threat\/\" target=\"_blank\" rel=\"noopener\">Pacific Rim: Inside the Counter-Offensive\u2014The TTPs Used to Neutralize China-Based Threats<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/31\/pacific-rim-timeline\" target=\"_blank\" rel=\"noopener\">Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/31\/from-the-frontlines-our-cisos-view-of-pacific-rim\/\" target=\"_blank\" rel=\"noopener\">From the Frontlines: Our CISO&#8217;s view of Pacific Rim<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/31\/pacific-rim-whats-it-to-you\/\" target=\"_blank\" rel=\"noopener\">Pacific Rim: What&#8217;s it to you?<\/a><\/li>\n<li><a 
href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/31\/digital-detritus-the-engine-of-pacific-rim-and-a-call-to-the-industry-for-action\/\" target=\"_blank\" rel=\"noopener\">Digital Detritus: The engine of Pacific Rim and a call to the industry for action<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/31\/pacific-rim-learning-to-eat-soup-with-a-knife\/\" target=\"_blank\" rel=\"noopener\">Pacific Rim: Learning to eat soup with a knife<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/10\/25\/sophos-firewall-hardening-best-practices\/\" target=\"_blank\" rel=\"noopener\">Hardening Guide: Sophos Firewall hardening best practices<\/a><\/li>\n<\/ul>\n<h2>Join the Live Ask Me Anything Webinar<\/h2>\n<p>Hear first-hand about Sophos\u2019 research and how partners can help defend their customers from modern network device attacks with Sophos\u2019 Ross McKerchar, CISO, and Daniel Cole, senior vice president of Network and Content Security. <b><span data-contrast=\"none\">Special guest speaker Jack Cable, senior technical advisor from CISA<\/span><\/b><span data-contrast=\"none\">, will discuss <\/span><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/06\/26\/sophos-provides-progress-on-its-pledge-to-cisas-secure-by-design-initiative\/?cmp=701aJ000006OBWlQAO\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Secure by Design<\/span><\/a><span data-contrast=\"none\"> and how CISA\u2019s initiative can further build resilience against cyberattacks by the People\u2019s Republic of China.<\/span><\/p>\n<p>Upcoming live sessions:<\/p>\n<ul>\n<li><strong>Monday, 4 November, 2024<\/strong><br \/>\n11:00am ET | 4:00pm GMT<\/li>\n<\/ul>\n<ul>\n<li><strong>Thursday, 7 November, 2024<\/strong><br \/>\n5:00pm ET<br \/>\n9:00am AEDT (on 8 November)<\/li>\n<\/ul>\n<p><a href=\"https:\/\/events.sophos.com\/series\/de9923fc-5e85-462f-b650-aaab82a59d57\/?cmp=701aJ000006OBWlQAO\" target=\"_blank\" rel=\"noopener\"><span 
data-contrast=\"none\">Register for the Webinar Sessions<\/span><\/a><\/p>\n<h2>Share the News with Your Customers and Prospects<\/h2>\n<p><span data-contrast=\"auto\">Help spread the word and give your customers and prospects an opportunity to learn how perimeter devices at organizations of any size are susceptible to nation-state adversaries and how to defend against these persistent attackers.<\/span><\/p>\n<ul>\n<li>Share our social media posts:<br \/>\n<a href=\"https:\/\/www.linkedin.com\/posts\/sophos_smbs-activity-7257739805680164865-Pu1U\/?utm_source=share&amp;utm_medium=member_desktop\" target=\"_blank\" rel=\"noopener\">Access LinkedIn<\/a>\u00a0 |\u00a0\u00a0<a href=\"https:\/\/x.com\/Sophos\/status\/1851974211046121477\" target=\"_blank\" rel=\"noopener\">Access X<\/a><\/li>\n<li>Send a co-brandable email:<br \/>\n<a style=\"font-size: 1em;\" href=\"https:\/\/partners.sophos.com\/prm\/English\/s\/assets?collectionId=20397&amp;renderMode=Collection&amp;q=%22Pacific%20Rim%22\" target=\"_blank\" rel=\"noopener\">Access email template<\/a><\/li>\n<\/ul>\n<h2>Capture Your Leads<\/h2>\n<p>Please use the link below when pointing to the webinar registration and <strong>add your unique Partner Referral ID<\/strong> to make sure you capture all the links you create.<\/p>\n<p>Use this link to share the event with tracking enabled:<br \/>\n<b>https:\/\/events.sophos.com\/series\/de9923fc-5e85-462f-b650-aaab82a59d57\/?cmp=701aJ000006OBWlQAO&amp;id=<span style=\"background-color: #f1c40f;\">{partner referral ID}<\/span><\/b><\/p>\n<p>If you need any help with co-branding or tracking, don\u2019t hesitate to contact the Channel Service Center via <a href=\"mailto:csc@sophos.com\">csc@sophos.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Inside the counter-offensive \u2013 The TTPs used to neutralize China-based 
threats<\/p>\n","protected":false},"author":11,"featured_media":3000008485,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[315,21,316],"coauthors":[64],"class_list":["post-8483","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-pacific-rim","tag-threats-malware","tag-webcast"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2024\/10\/featured-image-sophos-pacific-rim.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/8483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=8483"}],"version-history":[{"count":16,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/8483\/revisions"}],"predecessor-version":[{"id":8501,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/8483\/revisions\/8501"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=8483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=8483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/
v2\/tags?post=8483"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=8483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}