Security News > 2022 > June > Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity

A sophisticated Chinese advanced persistent threat actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack.
"The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report.
Now according to Volexity, early evidence of exploitation of the flaw commenced on March 5, 2022, when it detected anomalous network activity originating from an unnamed customer's Sophos Firewall running the then up-to-date version, nearly three weeks before public disclosure of the vulnerability.
"The attacker was using access to the firewall to conduct man-in-the-middle attacks," the researchers said.
"The attacker used data collected from these MitM attacks to compromise additional systems outside of the network where the firewall resided."
The access to session cookies subsequently equipped the malicious party to take control of the WordPress site and install a second web shell dubbed IceScorpion, with the attacker using it to deploy three open-source implants on the web server, including PupyRAT, Pantegana, and Sliver.
News URL
https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Fortinet warns of new zero-day exploited to hijack firewalls (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)