While this was the only incident in which a Sophos facility was targeted directly, it demonstrated an adaptable adversary capable of escalating capability as needed to achieve their objectives. For example, the threat actor demonstrated deep knowledge of AWS SSM (a relatively new technology in 2018) and deployed a kernel-level rootkit with stealthy command and control (C2) using ATT&CK technique T1205.002.
https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/?amp=1