|
|
|
|
|
|
by causasui
1732 days ago
|
|
|
95% social engineering/phishing, maybe 5% exploits. Using exploits is complicated, expensive, and risky. In most cases - to quote XKCD - it's cheaper and easier to just hit the victim on the head w/ a proverbial $5 wrench until they cough up their password, e.g.: have them download your "secure messaging app" which is actually just your implant. From the article: > To get close to Donaghy, a Raven operative should attempt to “ingratiate himself to the target by espousing similar beliefs,” the cyber-mercenaries wrote. Donaghy would be “unable to resist an overture of this nature,” they believed. Posing as a single human rights activist, Raven operatives emailed Donaghy asking for his help to “bring hope to those who are long suffering,” the email message said. The operative convinced Donaghy to download software he claimed would make messages “difficult to trace.” In reality, the malware allowed the Emiratis to continuously monitor Donaghy’s email account and Internet browsing. |
|
|