Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability
Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerabilityChinese state-sponsored hackers are targeting organizations and governments in Afghanistan, Bhutan, India, Nepal, Pakistan and Sri Lanka with a now-patched zero-day vulnerability in Sophos Firewall, according to several different cybersecurity companies.This week, Volexity released a report on CVE-2022-1040 – a Sophos firewall authentication bypass vulnerability patched in March – and said a Chinese APT group they named “Drifting Cloud” was using it to install three open-source malware families, including PupyRAT, Pantegana and Sliver.Sophos published its own report on the activity and told Volexity that it has observed “organizations primarily in the South Asia region” being attacked. “At least 2 distinct suspected Chinese state-sponsored groups were identified exploiting CVE-2022-1040 prior to its discovery. “We also identified a newly observed cluster of activity exploiting the vulnerability which we are tracking under the temporary designator TAG-40.
Read more about it: here