Fascinating threat assessment and deep dive on persistent threat based in China.

Title: Operation Cloud Hopper

Authorship:

 - PricewaterhouseCoopers

 - BAE Systems

Primary Article Link: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf

Press Release from PwC on Primary Article: https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html

Summary Article Author: Bruce Schneier

Summary Article Link: www.schneier.com/.../apt10_and_cloud.html

More summary articles released in the past 24hrs:

  1. https://betanews.com/2017/04/05/new-cyber-espionage-campaign/
  2. https://intelnews.org/tag/operation-cloud-hopper/
  3. https://labsblog.f-secure.com/2017/04/05/cloud-hopper-example-of-upstream-attack/
  4. https://www.thelocal.se/20170405/sweden-targeted-in-global-cyber-attack-cloud-hopper-apt10

This seems like a major source of espionage for Western-allied Companies and governments.

I'd be interested in understanding to what extent the Sophos UTM has mitigated these sources. Also, it would be a huge benefit if the operators of Sophos products could get reporting on threats coming from these sources.

DOMAIN SPECIFIC MITIGATION (BAND-AID)

As for myself, I've added specific Category and Reputation edits on the domains referenced in the article, but I think it would be wise for Sophos to do the same as an absolute minimum and push it to the customer base ASAP.

Web Protection \ Filtering Options \ Websites

I'd also be interested in suggestions on how best to deal with this as well.

THE TOOLS USED

More specifically, this threat is known to use the following tools:

Malware       Last used
Poison Ivy    2014
PlugX         Current
EvilGrab      2016
ChChes        Current
Quasar        Current
RedLeaves     Current

How does the Sophos UTM (and its other products) address these threats without regard to domain origin?

Does anyone know?

REPORTING

Reporting on such high-level threats seems outside the scope of Sophos Products, but the value to Sophos customers would be huge.

Also, giving the Sophos operator the option to pass on such information to their respective government organizations responsible for inbound international espionage (The FBI in the case of the United States [I think]) would be an interesting thought.

Thanks

Thanks for bringing this to our attention, Doug - if Bruce Schneier says it's a big deal, then it is. I'm a fan of his Crypto-Gram podcasts, but I don't think he's mentioned this there recently. Apparently, this has been going on for 10+ years.

I don't know when it happened, but all of these sites currently are classified as "Malicious Sites - High Risk" by trustedsource.org's SmartFilter XL, so others that see this only need to be certain that they block traffic to "Malicious" and/or "High Risk" sites in Web Filtering.

For me, the key thing in the report is the almost-irrefutable proof that this is a plan by the Chinese government to steal intellectual property from the western world so that they can capture more manufacturing business by 2025. For those that thought the biggest threat was the "Russian" Mafia (spread across countries under the hegemony of the old USSR), this will be a sobering awakening to the fact that the Chinese government sponsors the largest criminal enterprises in the world. The Russian government just ignores their Mafia. In fact, compared to the Chinese, they're just small-time crooks.

These may sound like harsh words, but it's just simple truth. It's further proof that every device needs to be behind a UTM because each of us is only a few connections away from spreading an infection to a device with access to military secrets or valuable intellectual property.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005
MediaSoft, Inc. USA
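Both the original post (Category and Reputation edits under Web Protection \ Filtering Options \ Websites) and Bob's reply (be certain that "Malicious" and/or "High Risk" sites are blocked) come down to one question: does the web filter actually block those requests? The following is an added example, not code from the thread, the PwC/BAE report or Sophos, that audits proxy log lines for risky requests that were passed instead of blocked. It assumes the key="value" layout and the field names action, reputation and categoryname of Sophos UTM's httpproxy log; the sample lines and hostnames are constructed.

```python
import re
from typing import Dict, List

# Constructed sample lines in the key="value" style of Sophos UTM httpproxy
# logs. The layout and field names are assumed, not copied from a real device.
SAMPLE_LOG = """\
2017:04:05-09:12:01 utm httpproxy[4321]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" srcip="10.0.0.15" url="http://news-placeholder.test/" reputation="trusted" categoryname="News"
2017:04:05-09:12:07 utm httpproxy[4321]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" srcip="10.0.0.22" url="http://c2-placeholder.test/update" reputation="malicious" categoryname="Malicious Sites"
2017:04:05-09:12:09 utm httpproxy[4321]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" srcip="10.0.0.31" url="http://risky-placeholder.test/" reputation="high risk" categoryname="Malicious Sites"
"""

# One regex pulls every key="value" pair; the leading timestamp/process
# prefix contains no '="' and is therefore skipped automatically.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Reputation values that the filter policy is expected to block (assumed names).
RISKY_REPUTATIONS = {"malicious", "high risk"}


def parse_line(line: str) -> Dict[str, str]:
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(KV_RE.findall(line))


def audit_reputation_policy(log_text: str) -> List[Dict[str, str]]:
    """Return requests to malicious/high-risk sites that were NOT blocked.

    An empty list means every risky request in the log was blocked, i.e. the
    Web Filtering action for those reputations is doing its job. Any entry
    returned is a policy gap worth reviewing in the filter action settings.
    """
    leaks = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("sub") != "http":
            continue  # skip non-proxy records that may share the file
        risky = fields.get("reputation", "").lower() in RISKY_REPUTATIONS
        if risky and fields.get("action") != "block":
            keep = ("srcip", "url", "reputation", "categoryname", "action")
            leaks.append({k: fields.get(k, "") for k in keep})
    return leaks


if __name__ == "__main__":
    for leak in audit_reputation_policy(SAMPLE_LOG):
        print(f"NOT BLOCKED: {leak['srcip']} -> {leak['url']} "
              f"({leak['reputation']}, {leak['categoryname']})")
```

Run it against an exported http.log instead of SAMPLE_LOG to confirm that the reputation block is in force for every filter profile, not only the default one.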