by DietaryNonsense 1602 days ago
A colleague asked me what I meant by this - what use would a WIRED article have? etc.

Targets (individuals, interior or gapped networks, etc.) can be difficult to identify or locate and are even more difficult to get access to. Consider that it may be easier to run an operation where you intentionally pseudo-identify a security researcher engaging in his own attack to draw attention. Better yet, this researcher is known to be in possession of valuable tools; after all, the article says so.

Maybe P4x exists or is a fiction, but either way there's a difficult yet traversable route of information that leads to "his" network. Somewhere there's an encrypted volume that presumably holds his cherished tools and information. But P4x knows that the encryption he's using suffers from an undisclosed 0day. In fact, the 0day was developed by P4x et al. and released into the wild to be found and used in just this kind of situation. The tools that appear to be protected by researcher P4x are actually compromised themselves, meant to be taken. He schedules an interview with WIRED, he talks shit and trashes NK operations, and plays the cocky and justice-hungry hacker trope. He chums the water.

There are countless ways that misdirection and narrative can be layered to draw your adversary into a worldview that is the creation of your own. It's not _just_ floors of camo-clad cyberoperators phishing management types and looking for document dumps.

2 comments

This is a good point. Can’t break into the vault without tripping the alarm, so you have a bunch of teenagers make a bonfire in the lobby.

So in essence this WIRED article could be a distribution mechanism for the government to provide compromised hacking scripts to third-party hackers?