123
Massive breach spills credentials for thousands of sensitive networks (arstechnica.com)
submitted 1 week ago by return2ozma@lemmy.world to c/technology@lemmy.world
10 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] IratePirate@feddit.org 17 points 1 week ago

In the interview, Diachenko put it more succinctly. “The scale is the sophistication,” he said.

The scale shows dedication (and deep pockets). The methods used - apart from the recursive dictionary attacks - were pretty mundane, as far as the report goes.

They then used a custom binary with 25,000 threads to spray hundreds of thousands of those endpoints with thousands of login and password combinations. Successful attempts now gave the attackers a “network tap inside the organization.”

Shouldn't these fairly unsophisticated "spray-and-pray" brute force attempts show up in logs and at least alert security personnel that an active attack was underway?

the attackers went on to “actively intercept SSL VPN authentication hashes and crack them using a massive, dedicated 45-GPU cluster managed via Hashtopolis.” From there, they used the GPU cluster to crack the hashes, meaning to try massive combinations of plain-text passwords until they found the right one.

Again, not particularly sophisticated, but supported by heavy machinery to burn energy and money to do the actual work. Again, I ask: shouldn't these types of attempts be mitigated by sufficiently long hashes? Even a 45-GPU cluster can be exhausted by hash length, can't it?

[-] Beangut@lemmy.world 7 points 1 week ago

Especially for a company that specialises in cybersecurity, yikes.

[-] BlackVenom@lemmy.world 3 points 1 week ago

Oh they absolutely show up in logs. And if they're half competent, this also would cause MFA prompts to users... And lockouts... So IT tickets too.

Yet...

[-] IratePirate@feddit.org 3 points 1 week ago

*crickets*

[-] zqps@sh.itjust.works 2 points 1 week ago

There's often no MFA configured for infrastructure because teams don't want to bother and think their own stuff is secure.

What it should definitely cause is SIEM alerts.

this post was submitted on 18 Jun 2026
123 points (100.0% liked)

Technology

85726 readers
3902 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws