Uhm, by the time these hospitals were hit, the NSA had (allegedly) informed Microsoft about the vulnerabilities and Microsoft had (definitely) issued patches for them.
-
Everybody, even the exploit brokers (who get to sell more bugs), benefits from a faster turnover. When lazy RCEs become too hard, offense simply returns them to traditional mechanisms (social, proximity, supply chain, human compromise) that never stopped working.
-
And the idea that NSA judiciously limits the scope of targets is simply not persuasive on the evidence: we had something close to 200,000 implants active on just the systems I could see. FBI routinely does 8000+ in one go: https://motherboard.vice.com/en_us/article/53d4n8/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant …
-
+1 whenever we're on a gig and we breach the perimeter, at some point we steal creds, and we end up moving around with stolen creds and exploits/hacks/etc. aren't needed anymore. I can't imagine similar tradecraft isn't employed.
-
I can see why: 1) Initial access is hard; 2) Some operator may be lazy/unskilled. Of course they will do whatever they can to use *anything* but a 0day, so low risk techniques are employed (credential reuse, etc.), but if you want to go fast and deep, 0day is def your friend :-)
-
No doubt! All I'm saying is that once you're in, you're in. The 0day has done its duty.
-
Yeah, can't speak for ROC, but NTOC had entire internal sites exclusively dedicated to storing notes on ops, tokens, credentials, etc. we stole from our actors over time. For better or worse, NSA never forgets.
-
Yeah - so it's reasonable to accept that you don't have to sit on a 10 year old 0day, especially if it's already served its purpose :D
-
That would encourage more reckless use of exploits leading to a higher risk of an 0day getting leaked. It's a nuanced problem with no easy solution