

Updated on 2022-09-27

Chinese APT TA413 exploited flaws in Sophos Firewall and Microsoft Office to deliver a previously undetected backdoor, dubbed LOWZERO, as part of a cyberespionage campaign against Tibetan entities.

Overview: TA413

On the same note, Recorded Future also has a report on TA413, a suspected Chinese APT group that’s targeting Tibetans, another of China’s favorite-to-abuse minority groups.

Over the first half of 2022, we have observed TA413 exploit a now-patched zero-day vulnerability targeting the Sophos Firewall product (CVE-2022-1040), weaponize the “Follina” (CVE-2022-30190) vulnerability shortly after discovery and publication, and employ a newly observed custom backdoor we track as LOWZERO in campaigns targeting Tibetan entities.

