Friday, 13 March 2026

Black Hat USA 2025 | China's 5+ Year Campaign to Penetrate Perimeter Network Defenses

For more than five years, firewall vendors have been under a persistent, cyclical struggle against a well-resourced and relentless China-based adversary that has expended considerable resources developing custom exploits and bespoke malware expressly for the purpose of compromising enterprise firewalls in customer environments. In this first-of-its-kind presentation, I will walk attendees through the complete history of the campaign, detailing the full scope of attacks and the countermeasures one firewall vendor developed to derail the threat actors. The presentation will provide rich detail into the exploit development targeting specific firewalls, how the exploits were deployed and leveraged to compromise customers, and characteristics of the malware deployed inside the firewall's operating system as a result of these attacks.

Fundamental to this presentation is the fact that the adversary behind this campaign has not targeted only one firewall vendor: Most of the large network security providers in the industry have been targeted multiple times, using many of the same tactics and tools. So this serves not merely as a warning to the entire security industry, but as an urgent call to the companies that make up this industry to collectively combat this ongoing problem. Because at the end of the day, we all face the same threat, and we cannot hope to withstand the tempo and volume of these attacks alone. We must work together.

By: Andrew Brandt | Hacker

Presentation Materials Available at: https://ift.tt/5oFN68L

source https://www.youtube.com/watch?v=z4COrX9YHcU
