10. The Adversary Isn’t New, But The Scale Of Attack Is
Mandia: This group has been around for a decade or more. Different people go in and out of that group. We’re probably responding to the kids of the people I responded to in the ’90s when this group was active. How they gain a foothold in the victim network—SolarWinds was a way—they will always have other ways. This is a group that hacks for a living.
What they do after they break in really doesn’t change that much. They target specific people, primarily folks, at least in our case, that did work with the government. They target government projects, they target things that are responsive to keywords. These folks have economy of movement. If they broke into your machine, they string-search it, they find responsive documents, and they get out of Dodge. They have an economy that shows they’re professional. And that doesn’t change.
Smith: I can’t think of a similar operation that we have seen that would have similar human scale. … I haven’t seen anything larger. It’s the largest and most sophisticated operation of this sort that we’ve seen.
