
The FBI seeks public assistance in locating Chinese hackers


The US Federal Bureau of Investigation (FBI) has reached out to the public for assistance in the investigation and identification of a threat actor targeting edge devices and computer networks within government agencies and other organizations. This comes as cybersecurity researchers from Sophos have uncovered an Advanced Persistent Threat (APT) group that has been involved in creating and deploying malware to conduct indiscriminate computer intrusions aimed at stealing sensitive information from firewalls globally.

The FBI highlighted a specific vulnerability, CVE-2020-12271, an SQL injection issue discovered in SFOS 17.0, 17.1, 17.5, and 18.0 prior to late April 2020, affecting Sophos XG Firewall devices. This vulnerability allowed the threat actors to achieve remote code execution (RCE) and extract usernames and hashed passwords for local device admins, portal admins, and user accounts.

The campaign associated with this threat actor spans several years, with multiple hacking incidents reported between 2018 and 2023. Sophos has identified these attacks as part of a larger initiative known as Pacific Rim, which has been attributed to various Chinese state-sponsored threat groups, including Volt Typhoon. In addition to CVE-2020-12271, other vulnerabilities exploited in this campaign include CVE-2020-15069, CVE-2020-29574, CVE-2022-1040, and CVE-2022-3236.

Sophos noted a shift in the threat actor’s tactics in 2021 towards more targeted attacks on specific entities such as government agencies, critical infrastructure, research organizations, healthcare providers, retail, finance, military, and public-sector organizations primarily in the Asia-Pacific region. The FBI is urging individuals with relevant information to contact them through platforms like WhatsApp, Signal, or Telegram to aid in the investigation.

This call to arms by the FBI underscores the growing cybersecurity challenges faced by government and private sector organizations, as threat actors become increasingly sophisticated in their tactics. The collaboration between law enforcement agencies and cybersecurity researchers is crucial in combating these threats and protecting sensitive data from malicious actors.

As the investigation into the APT group targeting edge devices and computer networks continues, the FBI is counting on the support and cooperation of the public to help identify and apprehend those responsible for these cyber intrusions. By working together, law enforcement and individuals can strengthen cybersecurity measures and prevent future attacks on critical infrastructure and government agencies.
