undefined | Better HN

0 pointscodetrotter3y ago0 comments

> in the spy movie sense

It’s not just in the movies.

https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lap...

> Microsoft says LAPSUS$ — which it boringly calls “DEV-0537” — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.

> “Microsoft found instances where the group successfully gained access to target organizations through recruited employees (or employees of their suppliers or business partners),” Microsoft wrote.

0 comments

aaaaaaaaata3y ago

Recruited employees?

Or people they unknowingly hired?

Small distinction?

namelessoracle3y ago

It's not a small distinction. An organization deliberately trying to inject an asset into your company to do X or Y is a different problem to solve than an existing employee who was coopted. And the co opted case has a different problem in one motivated by gain vs one motivated by threats agains them.

vageli3y ago

Recruited to join in the scheme against their employer.

j / k navigate · click thread line to collapse