haha beat me to it LZ.
Likelihood that the malware and technology was sophisticated? Low. Likelihood that a phishing message led to malware being installed on a local computer and pivoted from? High.
I’m curious why Mandiant ran out and said China anyways.
All of the other China hacks have been directly related to intellectual property, not SSNs. The hospitals owned by CHS are not even high-end; a lot are in rural areas and have shitty to no security, based on my experience working with a company they acquired.
Yeah, I’m not sure why China would go after PHI. Certainly doesn’t sound like the PRC gov. Then again, Mandiant likes the politics of the Chinese hackers, and this could easily have been anyone from anywhere in the world simply pivoting through a Chinese host because it’s a great IP space to hide behind.
bump
“Obamacare site hacked but nothing taken, HHS says”
sounds more like someone was surfing the interwebs on a server that shouldn’t have been.
It was a test server that wasn’t supposed to be put online with weak passwords
Yeah but did someone actually “hack” it or was a piece of malware downloaded?
The word “Hack” gets thrown around too liberally. “I left my password taped to my monitor and someone hacked into my computer”…no, there was no effort required, they logged into your computer as you.
While I agree for the most part with that, Prog, anything that causes a breach is going to be considered a “hack”.
Simply, if weak passwords existed, that means that someone logged into the machine unauthorized and installed some malware for a reason. They’re downplaying it as run-of-the-mill malware, but what does that really mean? Who was it beaconing back to? APTs are known to get a foothold in an environment and lay dormant for long periods of time (hundreds of days).
When you’re defending a network, you don’t care if it’s a phishing, a stupid admin browsing the web, a persistent person bruteforcing, a sophisticated web app hacker, etc… Anything that compromises a machine is BAD.
The issue here is once you gain access to a Windows server or other server, it’s generally easy to elevate privileges and laterally move around a network.
So while gaining access to a “test” server might not be a big deal, oftentimes people reuse DB passwords or other credentials, not to mention you’re generally inside a DMZ at this point.
If only more people got cryptolocker, their data would be encrypted and totally secure. LOL
^Nope, now there are decrypters that will reverse that process.
My point was it seems strange that some person would hack a server just to install low level botnet malware. Seems more like a malicious website or bad attachment.
Was not srs.
I know just saying.
Bump
Oh and lol Huawei
Right? Thanks @bing for your country’s help
Every US executive stuck in China right now…
Gotta love the irony of the Chinese saying we’ve violated her human rights by arresting her. China, complaining about us violating someone’s human rights. CHINA
Good China / tech read:
Such a different place over there. Definitely an interesting read. Wonder what that means in the years to come.
Yeah, I have been to China before; it’s an interesting place.
Not really sure what all this means. US companies and the US government need to take China hacking and stealing proprietary information.
On the other side, China really needs the US for all the crap they steal and sell back, so who knows.