{
  "name": "Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns",
  "slug": "pacific-rim-timeline-information-for-defenders-from-a-braid-of-interlocking-attack-campaigns",
  "description": "Sophos unveils a five-year investigation tracking China-based threat actors targeting perimeter devices, particularly Sophos firewalls. The report details multiple attack campaigns, including Asnar\u00f6k, Bookmark Buffer Overflow, and Covert Channels, which exploited zero-day vulnerabilities to gain access and deploy various malware payloads. The attackers demonstrated sophisticated tactics, techniques, and procedures, including the use of rootkits, backdoors, and novel persistence mechanisms. The campaigns evolved from indiscriminate attacks to highly targeted operations against government agencies, critical infrastructure, and strategic industries, primarily in the Asia-Pacific region. Sophos' defensive efforts included rapid patching, threat hunting, and collaboration with international cybersecurity agencies and researchers.",
  "published": "2024-10-31T18:46:46+00:00",
  "created_at": "2024-10-31T18:46:46+00:00",
  "modified_at": "2024-11-01T16:26:37+00:00",
  "created_at_opencti": "2024-10-31T18:46:46+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-10-31",
    "CVE-2020-12271",
    "CVE-2020-15069",
    "CVE-2020-29574",
    "CVE-2022-1040",
    "CVE-2022-1292",
    "CVE-2022-3236",
    "asia-pacific targets",
    "asnar\u00f6k",
    "backdoors",
    "china-based threat actors",
    "cloud snooper",
    "critical-infrastructure",
    "gh0st rat",
    "government agencies",
    "libsophos.so",
    "onderon",
    "perimeter devices",
    "rootkits",
    "sliver",
    "zero-day vulnerabilities"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "bcb0065d-897b-4c65-9652-153fad3d6892",
        "name": "Onderon",
        "slug": "onderon"
      },
      {
        "id": "67326ca1-d99c-4a15-be4f-98e5c6d000e8",
        "name": "libsophos.so",
        "slug": "libsophosso"
      },
      {
        "id": "b0e113a5-1fcc-422a-a65e-8be3a5744bca",
        "name": "Cloud Snooper",
        "slug": "cloud-snooper"
      },
      {
        "id": "f6956903-6815-4be6-af9c-8ce3b33b3472",
        "name": "Asnar\u00f6k",
        "slug": "asnarok"
      },
      {
        "id": "db3270fd-1a2b-4c8f-b6b5-9332b19e2c3a",
        "name": "Moudoor",
        "slug": "mydoor"
      },
      {
        "id": "db7f167e-24b0-49d3-b8e0-ef250e0c5046",
        "name": "gh0st RAT - S0032",
        "slug": "gh0st-rat-s0032"
      },
      {
        "id": "c70c9980-18de-4208-93f5-0bd2dddeb40c",
        "name": "Sliver",
        "slug": "sliver"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      },
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "China"
      },
      {
        "id": "",
        "name": "Japan"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Telecommunications"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/",
    "https://otx.alienvault.com/pulse/6723dea67cffc52a5ae16568"
  ]
}