防火墙遭受重创：中国五年多来不断渗透外围网络防御.pdf

《防火墙遭受重创：中国五年多来不断渗透外围网络防御.pdf》由会员分享，可在线阅读，更多相关《防火墙遭受重创：中国五年多来不断渗透外围网络防御.pdf（65页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsFirewalls Under FireChinas ongoing campaign to compromise network protection devices worldwideAndrew Brandt#BHUSA BlackHatEventsAbout meThreat research at Webroot,Solera Networks,Blue Coat,Symantec,Sophos,NetcraftMalware and network forensics,retrospective attack analysis“Invest

2、igative cyberattack journalism”Elect More HackersWorld Cyber Health/Malware VillageMalware VillageMedia Archaeology Lab(CU Boulder)#BHUSA BlackHatEventsContextTimespan for these events is from 2018 2024(ish)Sophos X-Ops sits at the intersection of(and now encompasses)several teams of analysts and re

3、searchersResearch conducted by many of my former peers and colleagues,compiled by me&X-OpsToo many technical details to cover in 40 minutes#BHUSA BlackHatEventsDramatis PersonaeFirewall vendorsOther security companiesChengdu,Sichuan,ChinaIndividual threat actorsCompaniesA universityFirewalls and oth

4、er edge devicesBare metal and virtual devices#BHUSA BlackHatEventsAttack phases/epochsInitial attack&recon:2018-2019Mass-attack phase:2020-2021Targeted attacks and recurring use of old exploits with new payloads:2021-2024Research published October 2024Attacks ongoingSource:FBI#BHUSA BlackHatEventsPu

5、blic disclosureCloud Snooper(2020)“Asnark”public attacks(2020)Bookmark feature buffer overflow(2021)Personal Panda(2022)Covert Channels(2023)“Pacific Rim”encompassing these plus previously undisclosed campaigns(2024)Source:Sophos#BHUSA BlackHatEventsWhy“Pacific Rim?”Cloud Snooper(2020)aka Arizona“As

6、nark”(2020)aka MexicoBookmark feature buffer overflow(2021)aka BajaPersonal Panda(2022)aka AlaskaCVE-2022-3236(2022)aka YukonCovert Channels(2023)“Alaska part 2”#BHUSA BlackHatEventsPhase zero:The break-inSource:Sophos/Sergei Shevchenko#BHUSA BlackHatEventsThe first dominoNUC in Cyberoam office The