151
you are viewing a single comment's thread
view the rest of the comments
[-] psmgx@lemmy.world 33 points 7 months ago

Sounds like a concerted effort by a reasonably competent state actor. The +0800 timezone offset implies parts of Asia and is a small but crucial detail, esp given the commit times. In other words, China, Malaysia, Korea, etc. -- somewhere in Asia.

OTOH the author even concedes identity theft or smart attempts to discredit and point at Asia. Still, is on par for Chinese and NK actors.

[-] sugar_in_your_tea@sh.itjust.works 23 points 7 months ago* (last edited 7 months ago)

It could also be the opposite, someone trying to act like one of the Asian countries. The article lists the UTC times for the commits at 12-17, which would correspond to 8AM-1PM EST or 5-10AM PDT. That also could be fudged, or it could be a relatively new US spook working primarily in the mornings. Or if it's someone in Asia, that's 8PM-1AM, which is the perfect time for an evening hacker.

It's really not clear who's behind it.

I'm guessing an independent hacker in Asia because a state actor would probably just exploit existing bugs instead of adding new ones, and they certainly wouldn't do something as obvious as "safe_fprintf -> fprintf." I'm guessing this is all one individual trying to create business for themselves.

[-] mwguy@infosec.pub 2 points 7 months ago

In other words, China, Malaysia, Korea, etc. – somewhere in Asia.

The Shadow Broker's leaks showed that state actors had whole tool suites to ensure that the product appeared like it was coming from a different location. Given that those tools have been leaked since 2016 and the concept is even older; relying on metadata like timezones, character set, etc... to make determinations about location is unreliable at best.

this post was submitted on 30 Mar 2024
151 points (99.3% liked)

Cybersecurity

5689 readers
182 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS