Sophos reveals how it fought a network of dangerous Chinese hackers for years


Sophos has revealed details of a five-year battle with Chinese hackers who targeted networking devices across the globe.

The 'Pacific Rim' reports outline clusters of activity that cybersecurity vendors and law enforcement attribute, with 'varying degrees of confidence', to the known threat actors Volt Typhoon, APT31 and APT41/Winnti.

The list of targeted vendors included prominent manufacturers such as Fortinet, NetGear, Sophos, Check Point and Cisco, among others. The attacks were aimed at high-value targets, primarily in the Indo-Pacific region, and included nuclear energy suppliers, telecoms, military organisations and government agencies.

Critical infrastructure attacks

"For more than five years, Sophos has been investigating multiple China-based groups targeting Sophos firewalls, with botnets, novel exploits, and bespoke malware," Sophos explains in the report.

The state actors are not aiming exclusively at high-value espionage targets, though: Sophos also observed them moving through tightly connected digital ecosystems that form part of the critical infrastructure supply chain in order to disrupt critical services.

"This community is believed to be collaborating on vulnerability research and sharing their findings with both vendors and entities associated with the Chinese government, including contractors conducting offensive operations on behalf of the state. However, the full scope and nature of these activities has not been conclusively verified," said Ross McKerchar, Sophos X-Ops.

Researchers believe the attacks began in 2018 with an intrusion at the headquarters of Cyberoam, an India-based Sophos subsidiary.

Critical infrastructure is increasingly on the receiving end of state-sponsored cyberattacks, with some estimates putting the number of such attacks at 420 million in 2023, roughly 13 attacks per second.

One of the groups, Volt Typhoon, has already been found lurking on US critical infrastructure networks for years, so this news won't come as much of a surprise. The state-sponsored group was positioned to steal sensitive information, monitor activity and disrupt the infrastructure.

Ellen Jennings-Trace
Staff Writer
