Andrew Brandt
Podcast Appearances
I mean, it basically came onto my radar the second month I was working at Sophos.
And throughout the time the research was going on for this story, I was a principal researcher for Sophos.
But I am now a principal threat researcher for a company called Netcraft.
The team that I was on eventually didn't exist.
And one of the analysts reached out to me through the company chat and said, hey, I've got a great story for some really cool research.
I'd like to write it up and have you publish it on the blog and do some edits on it.
And he told me the story, but the one thing he didn't tell or what he said he couldn't tell me was who the target was.
So there was a sales office and they had a bullpen.
Like you have a lot of, you know, in a lot of sales offices where people are on the phone, you're trying to sell the product.
And so they had like this leaderboard that was on a computer screen that was running off a little Linux computer.
And that was the first machine that got infected.
And the threat actors managed to pivot from that Intel NUC, which is like a tiny little computer that's small enough it can mount on the back of a TV monitor that's hanging on the wall,
that they were able to pivot from the NUC and find access to the repository where the source code was and then get into that.
And then to do the CloudSnooper attack on that cloud service where the source code was.
It's just mind-boggling to me, the amount of effort involved in pivoting from this to this to this to get into this and then to build this backdoor that allows them access.