Attackers targeted critical infrastructure in Southeast Asia: Sophos
Sophos, a cybersecurity solutions company, has recently released a new report titled "Pacific Rim," revealing its five-year-long defensive and counter-offensive operations against a complex network of cyber adversaries, allegedly linked to China, that have targeted critical infrastructure across Southeast Asia.
According to a press release, a range of cyber campaigns have targeted both large and small infrastructure and government systems in South and Southeast Asia, including nuclear energy suppliers, a major airport, a military hospital, and central government ministries. The groups responsible are reported to have close ties with well-known Chinese nation-state actors, including Volt Typhoon, APT31, and APT41.
The attackers ran a series of campaigns that used novel exploits and customised malware to embed tools for surveillance, sabotage and cyberespionage, and the campaigns shared overlapping tactics, tools, and procedures (TTPs), the press release states.
To prevent such incidents, Sophos has offered defenders some security advice, including limiting internet-facing services and devices, prioritising urgent patching and monitoring internet-facing devices closely, enabling automatic hotfixes for edge devices, collaborating with law enforcement and partners on indicator of compromise (IoC) sharing and action, and developing a strategy for handling end-of-life (EOL) devices.