We’ll publish our own full post-mortem in the next 1-2 weeks.
> One of the more interesting pieces of this was how Ansible was used to keep the attacker in the system.
Fwiw the infra that was compromised was not managed by Ansible; if it had been we would likely have spotted the malicious changes much sooner.
> One of the more interesting pieces of this was how Ansible was used to keep the attacker in the system.
Fwiw the infra that was compromised was not managed by Ansible; if it had been we would likely have spotted the malicious changes much sooner.