- FBI publishes a call to arms, asking for the public's help
- The group(s) have been targeting government edge devices for years
- Multiple groups seem to have been involved
The US Federal Bureau of Investigation (FBI) is asking the general public for help in the investigation and identification of a threat actor targeting edge devices and computer networks in government entities and other companies.
Citing a report from cybersecurity researchers Sophos, the FBI said an Advanced Persistent Threat (APT) group created and deployed malware "as part of a widespread series of indiscriminate computer intrusions" built to steal sensitive information from firewalls worldwide.
The campaign leveraged, first and foremost, CVE-2020-12271, an SQL injection issue found in SFOS 17.0, 17.1, 17.5, and 18.0 before late April 2020, on Sophos XG Firewall devices. The vulnerability affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. The crooks abused the bug to trigger remote code execution (RCE), leading to the exfiltration of usernames and hashed passwords from local device admins, portal admins, and user accounts.
Years-long campaign
The move is linked to a series of recent reports from Sophos which detail multiple hacking campaigns that took place between 2018 and 2023 and apparently exploited edge infrastructure appliances to deploy custom malware. Sophos dubbed the campaign Pacific Rim, and attributed it to multiple Chinese state-sponsored threat actors, including the infamous Volt Typhoon.
Sophos also said that CVE-2020-12271 wasn't the only vulnerability exploited in this campaign, also listing CVE-2020-15069, CVE-2020-29574, CVE-2022-1040, and CVE-2022-3236.
"From 2021 onwards the adversaries appeared to shift focus from widespread indiscriminate attacks to highly targeted, 'hands-on-keyboard' narrow-focus attacks against specific entities: government agencies, critical infrastructure, research and development organizations, healthcare providers, retail, finance, military, and public-sector organizations primarily in the Asia-Pacific region," the company said at the time.
Those with actionable intel can reach out to the FBI via WhatsApp, Signal or Telegram.
Via The Hacker News