this post was submitted on 12 Jul 2023
143 points (99.3% liked)

Technology

59454 readers
5025 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The group attacked over two dozen government agencies in Western Europe and the U.S., and compromised associated personal accounts of employees.

you are viewing a single comment's thread
view the rest of the comments
[–] kobra@lemm.ee 19 points 1 year ago (1 children)

I like how they make it seem like China has really leveled up their cybersecurity skillset to be able to hack into these systems. I'd bet money most of the access comes from phishing credentials from humans.

[–] nymwit@lemm.ee 17 points 1 year ago (1 children)

unless everyone is blatantly lying, it doesn't seem like it:

“This was a very advanced technique used by the threat actor against a limited number of high value targets. Each time the technique was used, it increased the chances of the threat actor getting caught,” said Google Cloud’s Mandiant senior vice president and chief technical officer Charles Carmakal. “Kudos to Microsoft for leaning in, figuring this out, remediating, collaborating with partners and being transparent.”

“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesperson Adam Hodge said in a statement to The Wall Street Journal. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”>

[–] Millie@lemm.ee 1 points 1 year ago

Just because it's a technique doesn't mean it isn't social engineering.