China spends 5+ years hacking firewall vendor, who breaks omerta

Spikescape writes: Over a five-year period, attackers based in Chengdu, China repeatedly targeted the firewalls sold by cybersecurity vendor Sophos. The company, while this was going on, figured out who the attackers were, hacked back and monitored the people who were doing this, and passed the information to law enforcement, who were able to notify victims and stop the intrusions in most cases.

Sophos X-Ops has identified, with high confidence, exploit research and development activity being conducted in the Sichuan region. Consistent with China’s vulnerability disclosure legislation, X-Ops assesses with high confidence that the developed exploits were then shared with multiple distinct state-sponsored frontline groups with differing objectives, capabilities, and post-exploitation tooling.