#pygmygoat — Public Fediverse posts

As a followup post, here are some other institutions who have published their own commentary on the #OperationPacificRim research that @SophosXOps published today:

The FBI posted a bulletin seeking more information about the people behind the intrusions (Sophos has identified at least some of the individuals who were involved):

https://www.fbi.gov/wanted/seeking-info/edge-device-intrusions

The UK's National Cybercrime Centre (NCSC) published their own research into malware they called #PygmyGoat (and which we named as "libsophos.so" in our report timeline (links to PDF):

https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf

My former Sophos colleague Kristin Del Rosso previously coauthored an article for the Atlantic Council on China-originated device intrusions as a direct result of this research:

https://www.atlanticcouncil.org/in-depth-research-reports/report/sleight-of-hand-how-china-weaponizes-software-vulnerability/

@WIRED reporter @agreenberg published a great summary of the attack campaign:

https://www.wired.com/story/sophos-chengdu-china-five-year-hacker-war/

Cybersecurity firm Greynoise also published their research. Greynoise has been a consistently supporting org.

https://www.greynoise.io/blog/the-persistent-perimeter-threat-strategic-insights-from-a-multi-year-apt-campaign-targeting-edge-devices