Jack Rhysider
Podcast Appearances
Can you update to a different firmware that has malware on it or something?
Like, could you do things that, you know, and, you know, you start, your mind starts going like, could you do things that the NSA wants you to do and go and spy on this customer or something like that, right?
And so when you're a firewall admin, you're like, no, I have to make sure that this is, no other person in the planet can access this but me and other people on my team.
I could just imagine the headlines at this point.
My question is, did any bad news come out to be like, Sophos found vulnerable, tens of thousands of customers impacted, huge vulnerability, hacker has complete control over their firewalls, patch immediately.
As the Sophos team investigated this more, they learned that whoever did this attack had to have really in-depth knowledge of Sophos firewalls.
Like there's no way they should have discovered this bug unless they had access to the source code, which wasn't publicly available.
And that's when the pieces started clicking into place.
The part of this firewall that was vulnerable was code from the Cyberoam firewall that was moved over to the Sophos firewall.
And two years before this, as you know, there was an attack on Cyberoam.
And what server did the attackers get access to?
The one with the source code for their firewall.
So they started to think, holy crap, this is a very serious threat actor who's been attacking us for years.
They spent tons of effort getting into Cyberoam's network to steal the source code only to study it for bugs and then launch a massive attack on our Sophos firewalls.
Whoa, what do you even do with this information?
To think your products are the target for a major cybersecurity campaign like this?