Kevin Mandia

76 total appearances

Podcast Appearances

And all of a sudden we see Chinese threat groups since about late 2020, at least from my observables, hack in and we don't know why, because they're not the tank through the cornfield. They're hacking in and just, that's it. There's no other activity. And then you're like, why are they there? And it's maybe they have access later. Maybe it's to mine user IDs and passphrases.

There's no better way to compromise any organization than if you can just log in, period. The best way to breach an organization is to log into it the same way the employees do. There's just no evidence. And that's what living off the land means. There's no malicious code. There's no backdoor. There's good operational security. If they created a log file that's suspicious, they would edit it.

When they wanted to go surreptitious, they were good at it. And that's the thing about digital evidence. You can edit it or delete it. You can change it. It's different than the physical world. You can do some wonderful things if you're on offense and you have the patience and time and skill to do it.

I think that's what's happening here and that's why there's been additional concern. It's way harder to investigate. So when Mandiant folks go out to figure out what happened and you're up against a group like Little Typhoon, you know they're there.

You see these terrible little scraps of, yeah, they looked at this one file, but you know they looked at 10,000 files and the evidence has only given you the one. And you're like, oh my God, I'm getting less than 1% visibility into what they're doing here. And unless you have great identity security, great identity monitoring, you're not going to catch these folks that live off the land.

And that phrase, I'm going to explain it again, it means the attackers are accessing an organization's network the same way the organization does, period. Same user IDs, same passphrases, same programs. There's nothing special. They've learned your network so well that they look like they're part of your network. And that's really hard to investigate.

It's not impossible, but it does change how we look at things. We have to do forensics a little differently.

Nobody really knows if the gloves came off in cyberspace between China and the US, what would really happen. Like, is it pandemonium? I've had the privilege of lecturing on modern warfare, and even I'm not so sure of the collateral damage, but I do know that a lot of things would get less predictable and it would be eerie. Like if the gloves came off in cyberspace,

The impact of it, you know, some companies can make phone calls, some can't. Some companies, the gate rises when you go to park and sometimes you can't. Services might shut down. We don't really know the impact just yet and how widespread it would be because we don't understand all the complex dependencies. So it's really hard to even know what to fear.

What I'm hopeful about is the gloves just don't come off. I don't think they do till they come off kinetically. I really don't think people are just going to unleash everything they've got in cyber. I don't think we've seen China's total A-game.
