@neurovagrant Just guesstimating, but given that the attack vector was Confluence it seems there's some level of org structure and corporate-like inner workings.
And just like corporate inner workings, they didn't patch their Confluence 😈
@neurovagrant Certainly yes to the former as it’s evolved into a business model. As for the latter, there’s been actors that have patched the exploit they used after entry so others could also use it. But I’d guess that’s not as much a worry of theirs as it is ours.
@neurovagrant yes we have reason to believe they do! We know the conti ransomware group had a working corporate like internal structure, based on the leaked chat logs and data from early 2022. Traces of similar structures has been seen with other groups as well, but not confirmed to the extent of the conti group.
Add comment