Chinese attempt at brute force attack foiled.
On Saturday November 11th, 2018 at 04:30 EST SoniXCast was contacted by the United States Federal Bureau of Investigation that there was a brute force attack occurring on the SoniXCast edge network that serves US government systems. Within a short period of time the attack expanded to other SoniXCast networks in Canada and Europe that serve federal and commercial services including retail branch services.
The attack was mounted from the US.
The attack was mounted from 3 separate US location from Virtual Private Servers located in Atlanta Georgia, Dallas Texas and San Francisco California. Payment came from an offshore financial services company known to be associated with Chinese Intelligence Services. The attack was in form of a bot that would attempt multiple password variations in order to gain root access to a system. By evaluating TCP headers, technicians were able to backtrack connections to a server in Taiwan China.
SoniXCast emergency attack protocol was immediately implemented which confuses most modern network attacks. However, the protocol also confuses customer systems so some minimal downtime was experienced. There seems to have been a timeout associated with the attack script so that when the requested ip-address and port was no longer available, the bot gave up and moved on to another system which minimized downtime overall.
SoniXCast is cooperating with the US federal government and has contacted cyber attack units in countries where the attack on SoniXCast networks occured. Once a full report has been issued, the network team will evaluate and advise if further actions are necessary.