Sophos Firewall hack on government network used an all-new custom malware
Date:
Wed, 06 Nov 2024 17:05:00 +0000
Description:
Pygmy Goat is a brand new Linux-based backdoor, experts warn.
FULL STORY ======================================================================
Security researchers from the UK's NCSC share more details about the tools used in Pacific Rim
Pygmy Goat is a competent backdoor likely used by the Chinese
Even the FBI is asking for help to identify the crooks
For the past five years, the Chinese have been targeting edge devices belonging to government agencies and departments in the US and elsewhere in the West in an operation dubbed Pacific Rim - and we now have more details about the tools they used, and what those tools allowed the attackers to do.
Pacific Rim mainly targeted Sophos XG firewalls with the goal of cyber-espionage and data exfiltration, and it was most likely conducted by multiple Chinese-speaking threat actors, including the infamous Volt Typhoon.
In late October 2024, the UK National Cyber Security Centre (NCSC) published a report in which it claims that a new Linux malware named Pygmy Goat was used in these attacks. "Pygmy Goat is a native x86-32 ELF shared object that was discovered on Sophos XG firewall devices, providing backdoor access to the device," the document's summary reads.
Pygmy Goat
Being a sophisticated network malware, Pygmy Goat was able to disguise malicious traffic as legitimate Secure Shell (SSH) connections, and thus evade detection. Furthermore, it enabled covert communication through encrypted Internet Control Message Protocol (ICMP) packets, adding an additional obfuscation layer. As for its capabilities, Pygmy Goat provided its attackers with persistent remote access and control, allowing them to manipulate infected devices stealthily, and potentially compromise broader network infrastructure.
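The ICMP covert channel mentioned above is the kind of thing a network defender can hunt for without knowing the implant's exact protocol: ordinary ping payloads follow a small number of predictable patterns, so echo traffic whose payload matches none of them deserves a look. The script below is an added illustration of that heuristic; it is not code from the NCSC report, Sophos, or the TechRadar story, and it says nothing about Pygmy Goat's real wire format. The "default ping" patterns (iputils filling the buffer with the byte index after a 16-byte timestamp; Windows ping sending a fixed 32-byte alphabet string), the 64-byte size limit, the entropy threshold, and all IP addresses and payloads are constructed assumptions for the example.

```python
"""Flag ICMP echo traffic whose payload does not look like a normal ping.

Added example with assumed heuristics; not a signature for any real implant.
"""
import math
from collections import Counter
from dataclasses import dataclass

# Assumption: Windows ping sends this fixed 32-byte payload.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
# Assumption: iputils ping fills the buffer so that byte i == i & 0xFF and then
# overwrites the first 16 bytes with a timestamp.
LINUX_TIMESTAMP_LEN = 16
# Assumptions chosen for the example: payloads above this size are unusual, and
# a byte entropy this high (on a payload that large) suggests ciphertext.
MAX_EXPECTED_PAYLOAD = 64
HIGH_ENTROPY_BITS = 6.0


@dataclass
class IcmpRecord:
    src: str
    dst: str
    icmp_type: int     # 8 = echo request, 0 = echo reply
    payload: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the payload (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_linux_ping(payload: bytes) -> bool:
    """True when every byte after the timestamp equals its own offset."""
    if len(payload) < LINUX_TIMESTAMP_LEN:
        return False
    return all(payload[i] == (i & 0xFF) for i in range(LINUX_TIMESTAMP_LEN, len(payload)))


def classify_payload(payload: bytes) -> str:
    """Label a payload as a known benign pattern or as something to inspect."""
    if payload == WINDOWS_PING_PAYLOAD:
        return "windows_default"
    if looks_like_linux_ping(payload):
        return "linux_default"
    if len(payload) > MAX_EXPECTED_PAYLOAD and shannon_entropy(payload) >= HIGH_ENTROPY_BITS:
        return "high_entropy"      # large and near-random: possible encrypted channel
    return "unrecognized"


def suspicious_hosts(records, min_hits: int = 2) -> dict:
    """Count non-standard echo payloads per source and keep repeat offenders."""
    hits = Counter()
    for r in records:
        if r.icmp_type not in (0, 8):
            continue                # only echo request/reply are modelled here
        if classify_payload(r.payload) in ("unrecognized", "high_entropy"):
            hits[r.src] += 1
    return {host: n for host, n in hits.items() if n >= min_hits}


# Constructed sample traffic (addresses and payloads are made up for the example).
LINUX_PING = bytes(LINUX_TIMESTAMP_LEN) + bytes(i & 0xFF for i in range(LINUX_TIMESTAMP_LEN, 56))
CIPHERTEXT_LIKE = bytes(range(255, -1, -1))   # 256 distinct bytes stand in for an encrypted blob
ODD_SMALL = bytes.fromhex("deadbeef00000001")

SAMPLE_RECORDS = [
    IcmpRecord("10.0.0.7", "10.0.0.1", 8, LINUX_PING),
    IcmpRecord("10.0.0.9", "10.0.0.1", 8, WINDOWS_PING_PAYLOAD),
    IcmpRecord("10.0.0.7", "10.0.0.1", 8, ODD_SMALL),            # one oddity, below min_hits
    IcmpRecord("10.0.0.5", "10.0.0.1", 8, CIPHERTEXT_LIKE),
    IcmpRecord("10.0.0.5", "10.0.0.1", 0, ODD_SMALL),
]

if __name__ == "__main__":
    for host, n in suspicious_hosts(SAMPLE_RECORDS).items():
        print(f"{host}: {n} non-standard ICMP echo payloads")
```

The classifier deliberately whitelists known-benign shapes rather than trying to recognise the malicious one, because an implant's payload format is unknown until it is analysed; on real traffic, feed it parsed packet captures and tune `min_hits` and the size threshold to the site's ping usage.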
Technical details about the code, infections, and more can be found in the NCSC paper.
While the document does not discuss the threat actors using Pygmy Goat, BleepingComputer notes that the tactics, techniques, and procedures (TTPs) align with those of a piece of malware called Castletap, which was used by Chinese state-sponsored groups. Sophos, on the other hand, said the same rootkit was used in 2022 by another Chinese group dubbed Tstark.
Pacific Rim was a major hacking operation that even drew the attention of the FBI, who recently asked the public to help them identify the attackers.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/sophos-firewall-hack-on-government-network-used-an-all-new-custom-malware
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)