The FBI wants the public to help it track down Chinese hackers

[Image: The FBI (Federal Bureau of Investigation) emblem painted on a ceramic wall. Image credit: Shutterstock / BreizhAtao]

  • The FBI has published a call to arms, asking for the public's help
  • The group(s) have been targeting government edge devices for years
  • Multiple groups appear to have been involved

The US Federal Bureau of Investigation (FBI) is asking the general public for help in the investigation and identification of a threat actor targeting edge devices and computer networks in government entities and other organizations.

Citing a report from cybersecurity researchers at Sophos, the FBI said an Advanced Persistent Threat (APT) group created and deployed malware "as part of a widespread series of indiscriminate computer intrusions" built to steal sensitive information from firewalls worldwide.

The campaign leveraged, first and foremost, CVE-2020-12271, an SQL injection flaw in Sophos XG Firewall devices running SFOS 17.0, 17.1, 17.5, and 18.0 before the hotfix released in late April 2020. The vulnerability affected devices configured with either the management (HTTPS) service or the User Portal exposed on the WAN zone, which is exactly the attack surface an internet-facing appliance should not present. The attackers abused the bug to trigger remote code execution (RCE), leading to the exfiltration of usernames and hashed passwords for local device admins, portal admins, and user accounts.

Years-long campaign

The move is linked to a series of recent reports from Sophos detailing multiple hacking campaigns that took place between 2018 and 2023 and exploited edge infrastructure appliances to deploy custom malware. Sophos dubbed the campaign Pacific Rim and attributed it to multiple Chinese state-sponsored threat actors, including the infamous Volt Typhoon.

Sophos also said that CVE-2020-12271 wasn't the only vulnerability exploited in this campaign, listing CVE-2020-15069, CVE-2020-29574, CVE-2022-1040, and CVE-2022-3236 as well.

"From 2021 onwards the adversaries appeared to shift focus from widespread indiscriminate attacks to highly targeted, 'hands-on-keyboard' narrow-focus attacks against specific entities: government agencies, critical infrastructure, research and development organizations, healthcare providers, retail, finance, military, and public-sector organizations primarily in the Asia-Pacific region," the company said at the time.

Those with actionable intel can reach out to the FBI via WhatsApp, Signal or Telegram.


Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for many media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications.
