ramimac / aws-customer-security-incidents

A repository of breaches of AWS customers
GNU General Public License v3.0

Sophos Pacific Rim #211

Closed christophetd closed 5 days ago

christophetd commented 6 days ago

https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/?amp=1

While this was the only incident in which a Sophos facility was targeted directly, it demonstrated an adaptable adversary capable of escalating capability as needed to achieve their objectives. For example, the threat actor demonstrated deep knowledge of AWS SSM (a relatively new technology in 2018) and deployed a kernel-level rootkit with stealthy command and control (C2) using ATT&CK technique T1205.002.