Pacific Rim Network Device Targeting Campaigns, China-based threat groups using botnets, novel vulnerability exploits, and custom malware
Threat Highlights
- New Campaign object ("Pacific Rim Network Device Targeting Campaigns") based on Sophos' recently published, wide-reaching investigation into China-based threat groups using botnets, novel vulnerability exploits, and custom malware to target firewalls and other perimeter devices.
- Given the inherent challenges of securing network devices, such as telemetry collection and detection tuning, this extensive set of TTPs (45 Technique Relationships) can help identify post-exploitation opportunities for detection or mitigation, allowing defenses to be layered against sophisticated network device campaigns.
- Tidal Tip: You can now review previous CTI updates on our threat content updates page.
Defense Highlights
- Updated Vendors & Products: Elastic Security SIEM and EDR products have been updated to version 8.15.