top | item 46272290

(no title)

ack_inc | 2 months ago

"The simultaneous activity from US and India confirmed we were dealing with a single attacker using multiple VPNs or servers, not separate actors."

Did it really? It's not clear to me why the possibility that the exfiltrated credentials were shared with other actors, each acting independently, is ruled out.

discuss

neoinkarasuyuu|2 months ago

Yeah, that claim makes no sense by itself, and I found it contradictory as one actor accessing repos over two vpns at the same time seems unlikely.

I think if you look at all the actions, and see that they don't overlap, then it might make sense.

If access was: Location: Repo USA: 1,2,3,4 India: 5,6,7,8

The it is reasonable to assume that the access was from that same actor, as it is coordinated in some way.