zlacker

[parent] [thread] 2 comments
1. defros+(OP)[view] [source] 2023-07-20 13:13:31
Two of the most recent most high profile hacks required a large degree of preplanning, scoping out, custom coding etc to achieve the breadth and depth of penetration gained upon execution.

How would you classify supply-chain attacks?

Primary security was bypassed by breaking secondary security .. so there was security to be overcome, there was no social engineering aside from understanding procedures in play, and no disgruntled employees.

https://www.techtarget.com/whatis/feature/SolarWinds-hack-ex...

https://forensiccontrol.com/guides/unravelling-the-moveit-ha...

replies(1): >>felixh+go
2. felixh+go[view] [source] 2023-07-20 14:58:02
>>defros+(OP)
let me blow your mind with "the lazarus heist" podcast: https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads
replies(1): >>defros+1r
◧◩
3. defros+1r[view] [source] [discussion] 2023-07-20 15:09:07
>>felixh+go
Another good example, thank you.

Over time they got more interesting and less like the "basic unsophisticated | opportunistic | social engineer | inside agent" description given above.

https://en.wikipedia.org/wiki/Lazarus_Group

[go to top]