[jc01480]

Or obfuscating your C&C communications in mundane hash functions that appear to be routine periodic checks of file integrity. Exfiltrating your data the same way. They lived off the land and modified code. Pure genius, yet they poked a beehive. Wait for the full disclosure on this one. Impacted agencies and businesses are still assessing the scope of compromise. If you look around and see government businesses that were down over the holidays “upgrading their environment”, that would be a clue. What is frustrating is the number of agencies fully compromised in every respect yet they’ve not disclosed anything. Congress is gonna mindblow in about 6 months. And quite a few state legislative bodies as well. All those orgs hiding what we already know.