←back to thread

An attacker’s blunder gave us a look into their operations

(www.huntress.com)
154 points mellosouls | 4 comments | 09 Sep 25 15:42 UTC | HN request time: 0.001s | source
1. mzajc ◴[09 Sep 25 18:22 UTC] No.45186208[source]
I don't understand how "we actively spy on our customers and blog about it" is a viable marketing strategy..?
replies(3): >>45186836 #>>45187394 #>>45190112 #
2. evanjrowley ◴[09 Sep 25 18:52 UTC] No.45186836[source]
The cybersecurity industry is dominated by companies who sell this as their "cyber threat intelligence" and "real-time protection" special sauce.
3. neodymiumphish ◴[09 Sep 25 19:24 UTC] No.45187394[source]
Presumably this

> We knew this was an adversary, rather than a legitimate user, based on several telling clues. The standout red flag was that the unique machine name used by the individual was the same as one that we had tracked in several incidents prior to them installing the agent.

So in any other context, they probably wouldn't do any digging into the machine or user history, but they did this time because they already had high confidence of malicious use from this endpoint.

4. ◴[09 Sep 25 22:19 UTC] No.45190112[source]