China's 5+ Year Campaign to Penetrate Perimeter Network Defenses

Black Hat USA 2025 · Day 1 · Briefings

Over more than five years, Chinese state-linked threat actors mounted a sustained, evolving campaign against Sophos XG firewalls and, by extension, against every major class of network perimeter device. Sophos responded by deploying its own covert kernel implant onto attacker-controlled firewalls so it could watch the adversaries' tooling and tradecraft develop in real time. That visibility ultimately let Sophos link the operations to APT41 and APT31 and to a named individual, Guan Tianfeng of Sichuan Silence Information Technology, for whom the U.S. government has since offered a reward of up to $10 million.

AI review

Pacific Rim is the kind of five-year longitudinal threat intelligence report that makes every 'China APT' slide deck look like a napkin sketch. Sophos didn't just get pwned — they built a kernel implant and watched the attackers work in real time, then named one of them. That's not incident response. That's counter-intelligence.
