Saagar Jha
(replying to i.grok)
@igrok I feel like these tools make it harder to make a backdoor but I was surprised that the attacker didn’t just change their backdoor to operate cleanly in those environments. Maybe they just thought this was easier
i.grok
(replying to Saagar Jha)
@saagar they were definitely rushing
Likely because systemd was about to disable their backdoor wrt sshd
But the tools definitely increased the profile and thus the risk. Not enough, but it complicated their lives enough to slow them down
Which is something we can be happy about