Andrew Brandt

forensic analysis, post-attack analysis for their customers.

And one of these companies is called Valexity.

And Valexity reached out to Sophos because they had a customer with Sophos Firewalls and they were called in to do the investigation on the Baja attack.

And they had also discovered that

Mac OS and iOS software in their firewall, and Vilexity came to Sophos and said, hey, guys, why is this here?

We had no idea.

But it turned out, so Vilexity had figured out that the threat actors who were dropping these pieces of software on the Sophos firewalls that they were investigating, that the owners of those firewalls

We're operating a charity that supports the Uyghur diaspora.

And the Uyghurs are an oppressed minority in China.

They believe in Islam and they practice their faith, but they are strongly discouraged from doing so.

And they've been put in prison camps and jailed.

The story of the Uyghurs is outside of the scope of this podcast, but the point is that there's really only one organization that actually cares about these two groups of people, about surveillance of these two groups of people, and that is the government of China.

Absolutely.

You can imagine the amount of work that this spins up and the way that it kind of balloons out of control as you discover that more and more pieces of the open source code base that you're using are being exploited in different ways.

Yeah.

yeah, who has time for all of that?

Like, if all you're doing is just fixing these patches, that could be a full-time job.

But you're also supposed to be building out a product that has new features and response to customer requests and all other things.

So,

Yeah.