by nikhizzle 1861 days ago
So I don't have details on this specific case, but I did work in cybersecurity and can comment on the vast majority of similar cases I saw, including some which made the front page. Every single one I remember came from unpatched OS vulnerabilities for which the patch was already available.

Regular patching is necessary hygiene for corporate IT, but often the department is understaffed, or frankly told by management to prioritize shiny things instead.

2 comments

Most corporate machines aren't directly on the internet though... How do attackers get through corporate firewalls to access said unpatched machines?

I would guess the easiest way is to phish a login to the corp VPN or to send an email with a malicious attachment to give the attacker something inside the corp firewall as a place to start their port scan of the internal network and begin their attacks.

MITRE's ATT&CK [1] matrix is a great resource for describing incidents like these. To answer your question, it is a combination of Initial Access and Lateral Movement techniques that depend upon an attacker's aims. They're by no means the only activities involved, of course.

https://attack.mitre.org/

Missed patching on what, is my question. Windows, MacOS, Linux, routers, servers, networking, etc. - what exactly is being attacked? Sure you should patch everything, but clearly something is being attacked more than others.