Chinese APT exploiting Sophos firewall zero-day
The sophisticated Chinese APT group Drifting Cloud is carrying out man-in-the-middle attacks by exploiting a zero-day vulnerability in Sophos Firewall, according to SecurityWeek.
Drifting Cloud leveraged the flaw, since patched and tracked as CVE-2022-1040, to compromise the firewall, then deployed a webshell backdoor, established persistence, and attacked the organization's staff, a Volexity report revealed.
"These attacks aimed to further breach cloud-hosted web servers hosting the organization's public-facing websites. This type of attack is rare and difficult to detect," said Volexity.
The report also showed that Drifting Cloud sought remote access to the compromised network through VPN user accounts and their associated certificate pairs.
"While gaining access to the target's Sophos Firewall was likely a primary objective, it appears this was not the attacker's only objective. Volexity discovered that the attacker used their access to the firewall to modify DNS responses for specially targeted websites in order to perform MITM attacks," Volexity added.
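The DNS manipulation Volexity describes is visible from the inside as a disagreement between what the perimeter firewall's resolver hands to clients and what an independent resolver returns for the same names. The following detection sketch is an added example written for this article; it is not code from Volexity, Sophos or SC Media, and every DNS record in it is constructed. It assumes the defender has two inputs: answers logged from the firewall-provided resolver, and the same names resolved through a separate DNSSEC-validating resolver that does not pass through the firewall.

```python
"""Flag DNS answers from the perimeter resolver that disagree with an
independent reference resolver, plus public names that suddenly resolve to
internal addresses. All record data here is constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class DnsAnswer:
    qname: str     # queried name, e.g. "www.example.com"
    rdata: str     # answer IP from an A/AAAA record
    resolver: str  # which resolver produced this answer


# Constructed sample: what clients behind the firewall actually received.
OBSERVED: List[DnsAnswer] = [
    DnsAnswer("www.example.com", "203.0.113.10", "firewall"),
    DnsAnswer("www.example.com", "203.0.113.10", "firewall"),
    DnsAnswer("mail.example.com", "198.51.100.25", "firewall"),
    DnsAnswer("portal.example.com", "192.0.2.77", "firewall"),   # constructed tampered answer
    DnsAnswer("portal.example.com", "10.0.0.1", "firewall"),     # constructed: internal address
    DnsAnswer("cdn.example.net", "203.0.113.200", "firewall"),
]

# Constructed reference: the same names resolved through an independent,
# DNSSEC-validating resolver outside the firewall's path (hypothetical source).
REFERENCE: Dict[str, Set[str]] = {
    "www.example.com": {"203.0.113.10"},
    "mail.example.com": {"198.51.100.25"},
    "portal.example.com": {"198.51.100.40", "198.51.100.41"},
    "cdn.example.net": {"203.0.113.200", "203.0.113.201"},
}

# RFC 1918 and loopback ranges; checked explicitly rather than via
# ip_address().is_private, which also covers the documentation ranges used above.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def find_mismatches(observed: List[DnsAnswer],
                    reference: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Return {qname: {unexpected answer IPs}} for names the firewall answered
    differently from the reference resolver. Names without reference data are
    skipped rather than guessed at."""
    bad: Dict[str, Set[str]] = {}
    for ans in observed:
        expected = reference.get(ans.qname)
        if expected is None:
            continue
        if ans.rdata not in expected:
            bad.setdefault(ans.qname, set()).add(ans.rdata)
    return bad


def internal_answers(observed: List[DnsAnswer]) -> Set[Tuple[str, str]]:
    """Public names resolving to internal addresses from the perimeter device
    are a strong interception signal regardless of reference data."""
    hits: Set[Tuple[str, str]] = set()
    for ans in observed:
        ip = ip_address(ans.rdata)
        if any(ip in net for net in INTERNAL_NETS):
            hits.add((ans.qname, ans.rdata))
    return hits


def targeting_ratio(observed: List[DnsAnswer],
                    reference: Dict[str, Set[str]]) -> float:
    """Fraction of reference-covered names with mismatching answers. A small
    ratio (a few names out of many) fits selective targeting of specific
    sites; a ratio near 1.0 looks more like a broken or misconfigured resolver."""
    names = {a.qname for a in observed if a.qname in reference}
    if not names:
        return 0.0
    return len(find_mismatches(observed, reference)) / len(names)


if __name__ == "__main__":
    for name, ips in find_mismatches(OBSERVED, REFERENCE).items():
        print(f"MISMATCH {name}: firewall answered {sorted(ips)}, "
              f"reference has {sorted(REFERENCE[name])}")
    for name, ip in sorted(internal_answers(OBSERVED)):
        print(f"INTERNAL {name} -> {ip}")
    print(f"targeted fraction: {targeting_ratio(OBSERVED, REFERENCE):.2f}")
```

In practice the reference set would be refreshed on the same schedule as the observed log, and a mismatch on a single name with an otherwise clean resolver is the pattern worth escalating, since it matches the "specially targeted websites" behaviour described above rather than a general resolver fault.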