hakantan's comments

hakantan | 4 years ago | on: The Elite Hackers of the FSB

Hey, maybe this is a story relevant to the crowd on this site.

(I've used the search function to see whether the link to the story was posted already, afaik it wasn't.)

hakantan | 5 years ago | on: Article on APT32/OceanLotus and how they target civil society in Germany

Hi,

Thought that this article might be of interest to some of the folks reading here. OceanLotus has been successfully targeting lots of companies and NGOs across sectors. I started zooming in on them after they hacked German car-maker BMW (https://www.tagesschau.de/investigativ/br-recherche/bmw-hack...). Wanted to have a look at some of the underlying infrastructure. And this is the result. Hope you'll enjoy it. If not, let me know what didn't work out in your view.

I've summarized the main findings in this thread on Twitter (https://twitter.com/hatr/status/1314170230009212929).

hakantan | 6 years ago | on: Winnti: Hackers attacking the heart of German industry

This is a very good question. By now, there is a git repo (https://github.com/br-data/2019-winnti-analyse) for the more technical folks (includes yara, some scripts etc.)

We don't have focus groups, but we want to convey to our readers a certain understanding of how these operations work. What threat hunting is, why it is important and all that.

At some point you have to make some certain decisions. One was not to explain what a rolling xor is. So yeah, we had to simplify a lot. The truth is, though, this stuff is hard for most people, myself included.

Hope that helps.
