The group attacked over two dozen government agencies in Western Europe and the U.S., and compromised associated personal accounts of employees.

  • nymwit@lemm.ee
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    unless everyone is blatantly lying, it doesn’t seem like it:

    “This was a very advanced technique used by the threat actor against a limited number of high value targets. Each time the technique was used, it increased the chances of the threat actor getting caught,” said Google Cloud’s Mandiant senior vice president and chief technical officer Charles Carmakal. “Kudos to Microsoft for leaning in, figuring this out, remediating, collaborating with partners and being transparent.”

    “Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesperson Adam Hodge said in a statement to The Wall Street Journal. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”>

    • Millie@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Just because it’s a technique doesn’t mean it isn’t social engineering.