Sophos firewalls compromised with Pygmy Goat backdoor

SecurityWeek reports that numerous Sophos XG firewall devices have been compromised with Pygmy Goat, a stealthy backdoor first seen in 2022 that communicates over encrypted ICMP packets and disguises its malicious traffic as legitimate SSH connections.

Pygmy Goat may also have been used against other Linux-based network devices, according to a report from the UK's National Cyber Security Centre, which notes the backdoor's use of a fake Fortinet certificate, a pair of remote shells, and several techniques for waking the implant on demand. "While not containing any novel techniques, Pygmy Goat is quite sophisticated in how it enables the actor to interact with it on demand, while blending in with normal network traffic. The code itself is clean, with short, well-structured functions aiding future extensibility, and errors are checked throughout, suggesting it was written by a competent developer or developers," said the NCSC. The analysis follows a Sophos report describing the firm's deployment of its own implants to monitor and defend against Chinese state-sponsored attackers exploiting zero-day vulnerabilities in its products.
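The ICMP channel described above is the part of this activity a network defender can look for without decrypting anything: ordinary ping traffic to a firewall has a small, predictable echo-request payload, while a covert channel carrying commands tends not to. The script below is an added example (not from the article, SC Media, Sophos or the NCSC) that runs a simple size-based heuristic over a constructed flow log. The log line format, the firewall address, the thresholds and the sample addresses are all assumptions; the 32- and 56-byte payload sizes are the usual defaults of the Windows and Linux ping tools. It does not address the SSH-disguise half of the technique, which needs inspection of the session itself rather than of flow metadata.

```python
"""Heuristic detector for ICMP echo requests that do not look like ordinary ping.

Added example, not part of the article or the NCSC report. The log format,
firewall address and thresholds are assumptions chosen for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed sample flow log (assumed format). 198.51.100.7 behaves like a
# normal monitoring host; 203.0.113.9 sends repeated large echo requests;
# 203.0.113.50 sends a single odd packet, which stays below the threshold.
SAMPLE_LOG = """\
2024-11-05T10:00:01Z proto=icmp type=8 src=198.51.100.7 dst=192.0.2.1 len=56
2024-11-05T10:00:02Z proto=icmp type=8 src=198.51.100.7 dst=192.0.2.1 len=56
2024-11-05T10:00:03Z proto=icmp type=8 src=198.51.100.7 dst=192.0.2.1 len=56
2024-11-05T10:00:04Z proto=icmp type=8 src=203.0.113.9 dst=192.0.2.1 len=512
2024-11-05T10:00:05Z proto=icmp type=8 src=203.0.113.9 dst=192.0.2.1 len=496
2024-11-05T10:00:06Z proto=icmp type=0 src=192.0.2.1 dst=203.0.113.9 len=496
2024-11-05T10:00:07Z proto=icmp type=8 src=203.0.113.9 dst=192.0.2.1 len=512
2024-11-05T10:00:08Z proto=icmp type=8 src=203.0.113.9 dst=192.0.2.1 len=508
2024-11-05T10:00:09Z proto=icmp type=8 src=203.0.113.50 dst=192.0.2.1 len=100
2024-11-05T10:00:10Z proto=icmp type=8 src=203.0.113.50 dst=192.0.2.99 len=400
2024-11-05T10:00:11Z proto=tcp src=203.0.113.9 dst=192.0.2.1 sport=40000 dport=22
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+type=(?P<type>\d+)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+len=(?P<len>\d+)"
)

# Echo payload sizes produced by the default Windows (32) and Linux (56) ping.
COMMON_PING_PAYLOADS = {32, 56}
# A source must send at least this many odd-sized echo requests to be reported.
MIN_SUSPECT_PACKETS = 3


def parse_line(line):
    """Parse one ICMP flow record; return None for non-ICMP or malformed lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "proto": m["proto"],
        "type": int(m["type"]),
        "src": m["src"],
        "dst": m["dst"],
        "len": int(m["len"]),
    }


def find_suspicious_icmp(log_text, firewall_ips):
    """Return {src: stats} for sources sending unusual echo requests to the firewall.

    stats holds the total echo requests seen, how many had a non-standard
    payload size, and a Counter of the sizes observed, so an analyst can see
    whether the sizes cluster (scripted channel) or vary (random padding).
    """
    per_src = defaultdict(lambda: {"total": 0, "odd_size": 0, "sizes": Counter()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only echo requests (type 8) aimed at the firewall itself are of interest.
        if rec is None or rec["proto"] != "icmp" or rec["type"] != 8:
            continue
        if rec["dst"] not in firewall_ips:
            continue
        stats = per_src[rec["src"]]
        stats["total"] += 1
        stats["sizes"][rec["len"]] += 1
        if rec["len"] not in COMMON_PING_PAYLOADS:
            stats["odd_size"] += 1
    return {src: s for src, s in per_src.items() if s["odd_size"] >= MIN_SUSPECT_PACKETS}


if __name__ == "__main__":
    for src, stats in find_suspicious_icmp(SAMPLE_LOG, {"192.0.2.1"}).items():
        print(f"{src}: {stats['odd_size']}/{stats['total']} odd-sized echo requests, "
              f"sizes={dict(stats['sizes'])}")
```

On the constructed log only 203.0.113.9 is reported: every one of its four echo requests to the firewall carries a payload far larger than any default ping, while the single odd packet from 203.0.113.50 stays under the threshold and its other packet is addressed elsewhere. In production the size whitelist should be learned from the monitoring hosts that legitimately ping the firewall, and a hit should trigger packet capture of the ICMP payload rather than an alert on its own.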
