ramimac / aws-customer-security-incidents

A repository of breaches of AWS customers
GNU General Public License v3.0

Sophos Pacific Rim #211

Closed christophetd closed 3 weeks ago

christophetd commented 3 weeks ago

https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/?amp=1

While this was the only incident in which a Sophos facility was targeted directly, it demonstrated an adaptable adversary capable of escalating capability as needed to achieve their objectives. For example, the threat actor demonstrated deep knowledge of AWS SSM (a relatively new technology in 2018) and deployed a kernel-level rootkit with stealthy command and control (C2) using ATT&CK technique T1205.002.