Sophos Firewall hack on government network used an all-new custom malware


  • Security researchers from the UK's NCSC share more details about the devices used in Pacific Rim
  • Pygmy Goat is a capable backdoor often used by the Chinese
  • Even the FBI is asking for help to identify the crooks

For the past five years, the Chinese have been targeting edge devices belonging to government agencies and departments in the US and elsewhere in the West in an operation dubbed “Pacific Rim” - and we now have more details about the devices they used, and what those devices allowed the attackers to do.

Pacific Rim mainly targeted Sophos XG firewalls with the goal of cyber-espionage and data exfiltration, and it was most likely conducted by multiple Chinese-speaking threat actors, including the infamous Volt Typhoon.

In late October 2024, the UK National Cyber Security Centre (NCSC) published a report in which it claims that a new Linux malware named “Pygmy Goat” was used in these attacks. “Pygmy Goat is a native x86-32 ELF shared object that was discovered on Sophos XG firewall devices, providing backdoor access to the device,” the document’s summary reads.

Pygmy Goat

Being a sophisticated network malware, Pygmy Goat was able to disguise malicious traffic as legitimate Secure Shell (SSH) connections, and thus evade detection. Furthermore, it enabled covert communication through encrypted Internet Control Message Protocol (ICMP) packets, adding a further obfuscation layer. As for its capabilities, Pygmy Goat provided its attackers with persistent remote access and control, allowing them to manipulate infected devices stealthily, and potentially compromise broader network infrastructure.
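The encrypted-ICMP channel mentioned above is one of the traits a defender can look for in network telemetry. The following is an added example, not from the article or the NCSC report, of a simple detection heuristic: it flags ICMP echo traffic whose payload is both larger than a normal ping and high-entropy, on the assumption that ordinary ping filler is low-entropy while tunnelled ciphertext is not. The packets, hosts and thresholds are constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, Iterable, NamedTuple, Tuple


class IcmpPacket(NamedTuple):
    src: str
    dst: str
    icmp_type: int   # 8 = echo request, 0 = echo reply
    payload: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ciphertext approaches 8.0, ping filler stays well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious_icmp(pkt: IcmpPacket, entropy_threshold: float = 6.5,
                       max_normal_len: int = 64) -> bool:
    """Heuristic (assumed thresholds): echo payloads that are both oversized and high-entropy."""
    if pkt.icmp_type not in (0, 8):
        return False
    return len(pkt.payload) > max_normal_len and shannon_entropy(pkt.payload) > entropy_threshold


def flag_hosts(packets: Iterable[IcmpPacket], min_hits: int = 2) -> Dict[Tuple[str, str], int]:
    """Count suspicious packets per (src, dst) pair and return pairs that exceed min_hits."""
    hits: Counter = Counter()
    for p in packets:
        if is_suspicious_icmp(p):
            hits[(p.src, p.dst)] += 1
    return {pair: n for pair, n in hits.items() if n >= min_hits}


def _constructed_ciphertext(n: int) -> bytes:
    # Constructed stand-in for encrypted tunnel data (a SHA-256 chain), not a real capture.
    out, block = b"", b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample traffic: a normal Linux-style ping (8-byte timestamp + 0x10..0x3f filler)
# and three oversized, high-entropy echo packets between an internal host and an external one.
LINUX_PING_PAYLOAD = b"\x00" * 8 + bytes(range(0x10, 0x40))
SAMPLE_PACKETS = [
    IcmpPacket("10.0.0.5", "10.0.0.1", 8, LINUX_PING_PAYLOAD),
    IcmpPacket("10.0.0.1", "10.0.0.5", 0, LINUX_PING_PAYLOAD),
    IcmpPacket("10.0.0.5", "203.0.113.7", 8, _constructed_ciphertext(512)),
    IcmpPacket("203.0.113.7", "10.0.0.5", 0, _constructed_ciphertext(480)),
    IcmpPacket("10.0.0.5", "203.0.113.7", 8, _constructed_ciphertext(300)),
]
```

The thresholds are starting points; baseline them against the ping sizes and patterns actually seen on the network before alerting on them.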

Technical details about the code, infections, and more can be found in the paper here.

While the document does not discuss the threat actors using Pygmy Goat, BleepingComputer reminds that the techniques, tactics, and procedures (TTP) align with those of a piece of malware called “Castletap”, which was used by Chinese state-sponsored groups. Sophos, on the other hand, said the same rootkit was used in 2022 by a different Chinese group dubbed “Tstark”.

Pacific Rim was a major hacking operation that even drew the attention of the FBI, who recently asked the public to help them identify the attackers.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for many media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.