Comment by gghffguhvc

2 years ago

Article says large data files were sent from device to servers. Perhaps they could have configured their networks to detect/block this part.

The whole story starts with them detecting the anomalous network traffic, so not sure what you think they did wrong.

  • I read it as: it was going on for 4 years and they did 12 months of investigation, leaving an unknown amount of time during which it went undetected.

    • What they mean is there's evidence in the captured binaries and from other victims that this campaign has been running for at least four years, not that they were compromised for four years. It actually sounds like they detected their own compromise immediately.