Sophos reveals how it fought a network of dangerous Chinese hackers for years

News
By
published

‘Pacific Rim’ reports reveal details of the campaign

China's flag overlays laptop screen
(Image credit: Shutterstock)

Sophos has revealed details of a five year battle with Chinese hackers who targeted networking devices across the globe.

The ‘Pacific RIm’ reports outline clusters of activity that cybersecurity venders and law enforcement can attribute to known threat actors Volt Typhoon, APT31 and APT41/Winnti - with ‘varying degrees of confidence’.

Included in the list of targets were prominent manufacturers such as Fortinet, NetGear, Sophos, Check Point, Cisco, and more. The attacks were aimed at high value targets primarily in the Indo-pacific region, and included nuclear energy suppliers, telecoms, military, and government agencies.

Critical infrastructure attacks

"For more than five years, Sophos has been investigating multiple China-based groups targeting Sophos firewalls, with botnets, novel exploits, and bespoke malware," Sophos explains in the report.

The state actors are not exclusively aiming at high value espionage targets though, as Sophos observed actors using tightly connected digital ecosystems which form part of the critical infrastructure supply chain to disrupt critical services.

“This community is believed to be collaborating on vulnerability research and sharing their findings with both vendors and entities associated with the Chinese government, including contractors conducting offensive operations on behalf of the state. However, the full scope and nature of these activities has not been conclusively verified." said Ross McKerchar, Sophos X-Ops.

Researchers believe that the attacks started in 2018 when they hit the Cyberoam headquarters, which is an India-based Sophos subsidiary.

Critical infrastructure is increasingly at the receiving end of state-sponsored cyberattacks, with some estimates putting this figure at 420 million in 2023, which is 13 attacks per second.

One of the groups, Volt Typhoon, has already been found lurking on US critical infrastructure networks for years, so this news won’t come as much of a surprise. The state sponsored group were positioned to steal sensitive information, monitor activity, and disrupt the infrastructure.

More from TechRadar Pro

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.