by ufmace 926 days ago
Seems to me this is probably a later stage thing. Somebody got initial access to a company's systems via such a mechanism to some individual's system. A few more cycles of recon, exploitation, and pivoting later, they may be in a position to install something like this on some actually important server. Use it to maintain access to the things they really want, then delete evidence of the previous steps to cover their tracks.

Now that it's at least 2 years after the initial intrusion, it could be pretty tough to determine how that happened and what path the attacker took.