mikekij | 10 months ago

Cybersecurity "expert" here. This seems to be under-hyped, if possible. If there were login attempts that even appeared to be coming from Russia using valid credentials that were created less than an hour before, it can really only be explained by collusion or an attacker having visibility into the process that created the credentials in the first place.

The fact that the traffic appeared to be coming from Russia isn't particularly compelling, as it's very easy to make your web traffic appear to be coming from another country. But I struggle to understand why a legitimate user of those credentials would willfully make their legitimate use of government systems appear to be coming from an adversary.
