[1]https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html

   " sophisticated Chinese advanced persistent threat (APT) actor
   exploited a critical security vulnerability in Sophos' firewall product
   that came to light earlier this year to infiltrate an unnamed South
   Asian target as part of a highly-targeted attack.

   "The attacker implement[ed] an interesting web shell backdoor,
   create[d] a secondary form of persistence, and ultimately launch[ed]
   attacks against the customer's staff," Volexity [2]said in a report.
   "These attacks aimed to further breach cloud-hosted web servers hosting
   the organization's public-facing websites."

   The zero-day flaw in question is tracked as [3]CVE-2022-1040 (CVSS
   score: 9.8), and concerns an authentication bypass vulnerability that
   can be weaponized to execute arbitrary code remotely. It affects Sophos
   Firewall versions 18.5 MR3 (18.5.3) and earlier."

References

   1. https://thehackernews.com/2022/06/chinese-hackers-exploited-sophos.html
   2. https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
   3. https://thehackernews.com/2022/03/critical-sophos-firewall-rce.html