The one where they installed a remote access script on a workstation, waited for 6 months before spending all of 5 minutes bypassing a few layers of security products, gaining domain admin, and then exfiltrating 3 docs relating to a Russian dude’s trial from like 6 years prior.
Why the hell would one do that for THREE documents? I’d be exfiltrating everything out of there if I were them, if not for that Russian guy’s trial, at least for my curiosity and reading pleasure!
I can only guess it was a state-sponsored action. They had a job to get some specific info and get out.