The Security Ledger Podcasts
The Security Ledger
9 episodes
8 months ago
In this, our 70th episode of The Security Ledger podcast, we speak with Xu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what's next for his company.
Categories: Technology, Society & Culture, News, Tech News
Pacific Rim: Sophos’ 6 Year Battle To Beat Back China State Hackers
The Security Ledger Podcasts
33 minutes 43 seconds
11 months ago
In this episode of The Security Ledger Podcast (#259) Paul speaks with Ross McKerchar, the CISO of Sophos, about the company's recent, headline-grabbing report on a six-year, state-sponsored hacking campaign it dubbed Pacific Rim. Ross talks about the company's dawning awareness of the extent and sophistication of the operation and its use of a targeted software implant to monitor the workings of the state-sponsored group and stay a step ahead of the hackers' efforts to breach Sophos and its customers.
After so many decades writing about hair-raising cyber attacks, it is easy to get jaded, and hard to be impressed. And then something like the Pacific Rim report comes along. Released last month by the UK-based cybersecurity firm Sophos, Pacific Rim is an eyebrow-raising account of a years-long battle with persistent and sophisticated hackers based in China who were determined to compromise Sophos and use their access to target the company's customers.

Ross McKerchar is the CISO at Sophos.

A six year stealth campaign



The Sophos Pacific Rim report paints a detailed picture of a relentless nation-state level cyber assault that was years in the making. The attack, emanating from a well-resourced group of PRC-based actors, wasn't a conventional one-off breach but rather a protracted, six-year campaign involving a wide range of entities and software assets across regions, beginning in India with the compromise of a wall-mounted display at Cyberoam, a company Sophos had acquired. From there, the attackers used "living off the land" techniques to infiltrate other systems, exploiting vulnerabilities to gain unauthorized access to sensitive areas, all the while showcasing advanced techniques that far exceeded low-skill script kiddie or hacker tactics and elevated concerns about the breadth of their capabilities.



ORBs and AWS: China’s sophisticated hacking techniques



In this podcast, I sat down with Ross McKerchar to dig into the Pacific Rim incident. Ross and I talk about his company’s quick realization that what appeared to be a run-of-the-mill intrusion onto Cyberoam’s network was much more: one branch of a global campaign by Chinese-backed hacking groups to gain access to a wide range of sensitive targets, from tech firms to critical infrastructure providers to government agencies and embassies.



Ross and I discuss the evolution of attack methodologies by China-based threat groups, as well as the many characteristics that made the Pacific Rim campaign stand out, such as the attackers' use of cutting-edge cloud-based management tools like AWS SSM to elevate their intrusion capabilities, and "ORBs" (operational relay boxes), a kind of purpose-built botnet of compromised devices that hacking groups use as a foundation for further attacks.



A timeline of the Pacific Rim campaign. (Image courtesy of Sophos.)