echo: politics
to: All
from: Mike Powell
date: 2024-11-07 09:08:00
subject: The FBI wants the public

The FBI wants the public to help it track down Chinese hackers

Date:
Wed, 06 Nov 2024 14:46:20 +0000

Description:
The law enforcement agency is asking anyone with information to reach out via
WhatsApp or Telegram.

FULL STORY

The US Federal Bureau of Investigation (FBI) is asking the general public for
help in the investigation, and identification, of a threat actor targeting
edge devices and computer networks in government entities and other 
companies. 

Citing a report from cybersecurity researchers Sophos, the FBI said an
Advanced Persistent Threat (APT) group created and deployed malware as part 
of a widespread series of indiscriminate computer intrusions built to steal
sensitive information from firewalls worldwide. 

The campaign leveraged, first and foremost, CVE-2020-12271, an SQL injection
issue found in SFOS 17.0, 17.1, 17.5, and 18.0 before late April 2020, on
Sophos XG Firewall devices. The vulnerability affected devices configured 
with either the administration (HTTPS) service or the User Portal exposed on
the WAN zone. The crooks abused the bug to trigger remote code execution
(RCE), leading to the exfiltration of usernames and hashed passwords from
local device admins, portal admins, and user accounts.

Years-long campaign

The move is linked to a series of recent reports from Sophos which detail
multiple hacking campaigns that took place between 2018 and 2023 and
apparently exploited edge infrastructure appliances to deploy custom malware.
Sophos dubbed the campaign Pacific Rim, and attributed it to multiple
Chinese state-sponsored threat actors, including the infamous Volt Typhoon.

Sophos also said that CVE-2020-12271 wasn't the only vulnerability exploited
in this campaign, also listing CVE-2020-15069, CVE-2020-29574, CVE-2022-1040,
and CVE-2022-3236.

"From 2021 onwards the adversaries appeared to shift focus from widespread
indiscriminate attacks to highly targeted, 'hands-on-keyboard' narrow-focus
attacks against specific entities: government agencies, critical
infrastructure, research and development organizations, healthcare providers,
retail, finance, military, and public-sector organizations primarily in the
Asia-Pacific region," the company said at the time. 

Those with actionable intel can reach out to the FBI via WhatsApp, Signal or
Telegram. 

 Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/the-fbi-wants-the-public-to-help-it-track-down-chinese-hackers

$$
--- SBBSecho 3.20-Linux
                                                 
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

SOURCE: echomail via QWK@pharcyde.org