Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.

In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer.

It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

top 3 comments
[-] Telorand@reddthat.com 10 points 2 weeks ago

Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.

In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer.

Emphasis mine.

"Hmm, yes. Let's connect this server to our trusted network and never touch it again." FFS.

[-] ptz@dubvee.org 7 points 2 weeks ago* (last edited 2 weeks ago)

Lol, yeah.

The Slashdot article that led me to the original was slanted to say "legacy IT" equipment was the cause and had the distinct subtext that had they been using cloud for everything, they would have been fine.

Nope, this is 100% failure to provision and secure equipment correctly. And cloud doesn't mean anything for security, especially given how many sensitive files have been left in wide-open, publicly accessible S3 buckets.

[-] mkwt@lemmy.world 6 points 2 weeks ago

Well, which one is it?

this post was submitted on 19 Sep 2024
47 points (100.0% liked)