ok, I saw those but wasn't clear on the specific q I had. I'll re-read. Just my own 2-cents, since this was a MS environment, my speculation is ".asp" vs ".php". In fact I noted elsewhere that Exchange has a public side they expose via "/owa". Any thoughts on that?
Replying to @jsb8908 @BloodSchmidt and
1) I know that this malware contacts a backend .php script on a (unix) server even though the malware is installed on Windows workstations. 2) I’m not a Windows-literate person; the topic you just brought up is an extremely important one that I’d like to understand better.
I think people don’t understand that the Outlook server would probably be accessible from the internet so that DNC staff can receive their email remotely, including on their mobile devices.
This is from the Mueller report, page 40. Seems to suggest the emails were downloaded directly from the internet (vs from the internal DNC network) by accessing the Outlook server remotely. pic.twitter.com/0ST5gLRMHE
Replying to @bleidl @BloodSchmidt and
Tamene indicates it's not on prem, p.22: pic.twitter.com/1bg8gKCjPY
Replying to @jsb8908 @BloodSchmidt and
He’s talking about the email logs the FBI has requested and why it was a hassle to collect that information and transfer it to the FBI.
The other day, a commenter observed that Guccifer2 only showed screenshots of emails, but not actual emails. Given some of the G2 theories, Henry's suggestion to the House Cte that the WL source obtained emails by taking screenshots was not just absurd, but perhaps a G2 dig-here.
Replying to @15poundstogo @bleidl and
what we probably KNOW is that, one month before the DNC emails were hacked from their email server, hackers used a known malware to move DNC documents from a different server to an Illinois computer, which Mueller says was controlled by GRU.
Replying to @ClimateAudit @15poundstogo and
2/ a different operation than the DNC email exfiltration in late May - AFTER Crowdstrike was in control. Perhaps, maybe even probably, by the same actors, but that has to be shown. BTW did you know that Illinois servers are commonly used by GRU for its most sensitive operations? /sarc
No call for sarcasm on that one. Common practice in criminal/spook world is to hide by going through a chain of hacked servers, which can be anywhere in the world. Do forensics on one, and all you get is the location of the next in the chain.
Replying to @NYarvin @15poundstogo and
And yet the basis for attribution of the hack to GRU/APT28 is that they made multiple boneheaded lapses in operational security, in which they failed to use proxy servers and inadvertently added "Russian" fingerprints to metadata.
Replying to @ClimateAudit @15poundstogo and
I don't trust those "fingerprints" any more than you do, but organizations getting some things right and screwing up others is not unknown.