Pacific Rim: Sophos’ 6 Year Battle To Beat Back China State Hackers

ID: abdaf559-4b60-53a6-81c0-dae3f05f5638

STIX ID: report--abdaf559-4b60-53a6-81c0-dae3f05f5638

Feed Name: Security Ledger

Threat Score
90/100

Date Published: 2024-11-21

Date Updated: 2026-04-26

Author: Paul Roberts

...
...

Sophos's Pacific Rim investigation describes a multi-year, state-sponsored Chinese APT campaign that used sophisticated cloud-based pivoting (AWS SSM), assembled botnet-like "ORBs," exploited zero-day vulnerabilities, and deployed stealthy rootkits and bootkits to compromise perimeter and customer devices; Sophos employed a targeted implant and improved telemetry to detect activity, intercept a zero-day exploit, patch vulnerabilities, and inform mitigation, while highlighting systemic risks from legacy/end-of-life devices and the need for stronger secure development and coordinated responses.