Hacker News new | ask | show | jobs
by xemdetia 1515 days ago
Based on the places where they were putting their threats I doubt mining was their goal. It sounds more that they were spelunking in case they wanted to ransomware and/or just wanting the information in a straightforward way. I wonder if also they were just using these servers as a foothold to attack something else. If you are mixing your traffic among an org's business presence it would be difficult to chase as a hop.
2 comments
ghostbrainalpha 1515 days ago
Ya, this definitely wasn't about mining.

There isn't much info to go on, but it almost sounds like they were after the type of financial data that would be useful for insider trading.

link
flutas 1515 days ago
Based on the article they were targeting Office 365 on prem email instances for market mover events (acquisitions, new clients, etc)
link
girvo 1515 days ago
It honestly sounds like state-sponsored (or at least extremely competent) corporate espionage. To what end, I do not know. Wild.
link