Comment by rob_c

Omg they also saw spikes in DNS traffic and high load during days exfiltration ahead of audit...

Clearly the (system) auditing infrastructure wasn't robust enough to still provide a lot of monitoring even in the service is being managed by someone else...

Also a several hundred line teardown of a 300line file is exactly what is wrong with some coders. Not having a CI/CL for every single short tool written once to do a job is called being productive...