Chinese spies spent 4 months in aerospace firm’s server (www.theregister.com)

submitted 1 day ago by ptz@dubvee.org to c/cybersecurity@sh.itjust.works

3 comments fedilink hide all child comments

Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.

In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer.

It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

you are viewing a single comment's thread
view the rest of the comments

[-] Telorand@reddthat.com 8 points 1 day ago

Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.

In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer.

Emphasis mine.

"Hmm, yes. Let's connect this server to our trusted network and never touch it again." FFS.

[-] ptz@dubvee.org 5 points 1 day ago* (last edited 1 day ago)

Lol, yeah.

The Slashdot article that led me to the original was slanted to say "legacy IT" equipment was the cause and had the distinct subtext that had they been using cloud for everything, they would have been fine.

Nope, this is 100% failure to provision and secure equipment correctly. And cloud doesn't mean anything for security, especially given how many sensitive files have been left in wide-open, publicly accessible S3 buckets.

this post was submitted on 19 Sep 2024

43 points (100.0% liked)

Cybersecurity

5408 readers

100 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social