It’s a supercomputer center, so I imagine large data transfer is normal in the environment. They could have piggybacked on existing high-throughput data workflows, or somehow blended into expected large transfers. Data can be exfiltrated over weeks or months, across multiple endpoints or accounts, … and compression could have happened prior to transfer (meaning the transfer may have been smaller than 10PB). Monitoring could have been inadequate or bypassed.
I imagine the puny change could be indicative of wanting a fast sale. Possibly, if they decided to store the data on cloud drives via a credit line. They might want a sale before the bill comes.
Edit: yup
According to the alleged attacker, they gained access through a compromised VPN domain, then deployed a botnet to extract data. Instead of transferring data in bulk, the attacker distributed the exfiltration across multiple systems and moved ‘smaller’ amounts over about six months to avoid detection. Such a method relies more on exploiting system architecture than on advanced hacking techniques, which in part helped the perpetrator to avoid detection.
how do you exfiltrate that much data without anyone noticing?
and dude wanted some puny change for it, like a million bucks or something lol.
It’s a supercomputer center, so I imagine large data transfer is normal in the environment. They could have piggybacked on existing high-throughput data workflows, or somehow blended into expected large transfers. Data can be exfiltrated over weeks or months, across multiple endpoints or accounts, … and compression could have happened prior to transfer (meaning the transfer may have been smaller than 10PB). Monitoring could have been inadequate or bypassed.
I imagine the puny change could be indicative of wanting a fast sale. Possibly, if they decided to store the data on cloud drives via a credit line. They might want a sale before the bill comes.
Edit: yup