this post was submitted on 18 Jun 2026
109 points (98.2% liked)

Technology

[–] HeyJoe@lemmy.world 2 points 2 hours ago

Ugh, my work domain is on here... but it's showing an unknown IP as the URL for access so maybe not lol?

[–] IratePirate@feddit.org 11 points 9 hours ago (2 children)

In the interview, Diachenko put it more succinctly. “The scale is the sophistication,” he said.

The scale shows dedication (and deep pockets). The methods used - apart from the recursive dictionary attacks - were pretty mundane, as far as the report goes.

They then used a custom binary with 25,000 threads to spray hundreds of thousands of those endpoints with thousands of login and password combinations. Successful attempts now gave the attackers a “network tap inside the organization.”

Shouldn't these fairly unsophisticated "spray-and-pray" brute force attempts show up in logs and at least alert security personnel that an active attack was underway?

the attackers went on to “actively intercept SSL VPN authentication hashes and crack them using a massive, dedicated 45-GPU cluster managed via Hashtopolis.” From there, they used the GPU cluster to crack the hashes, meaning to try massive combinations of plain-text passwords until they found the right one.

Again, not particularly sophisticated, but supported by heavy machinery to burn energy and money to do the actual work. Again, I ask: shouldn't these types of attempts be mitigated by sufficiently long hashes? Even a 45-GPU cluster can be exhausted by hash length, can't it?

[–] BlackVenom@lemmy.world 1 points 2 hours ago (1 children)

Oh they absolutely show up in logs. And if they're half competent, this also would cause MFA prompts to users... And lockouts... So IT tickets too.

Yet...
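
The log-side view of the spraying discussed in the comments above, as an added example that is not part of the thread or of the report it quotes: a spray tries each account only a few times, so the signal is the number of distinct accounts failing from one source, not failures per account. The log format, field names, thresholds and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (an assumption, not any vendor's real format).
LINE_RE = re.compile(r"^(?P<ts>\S+) sslvpn auth result=(?P<result>ok|fail) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def detect_spray(lines, window_s=600, min_users=5):
    """Flag sources failing logins for >= min_users distinct accounts within
    window_s seconds, and record any success from a flagged source."""
    recent = defaultdict(deque)  # src -> (ts, user) failures inside the window
    alerts = {}                  # src -> {"users": set, "compromised": set}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not auth events
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        user, src = m["user"], m["src"]
        q = recent[src]
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # expire failures older than the window
        if m["result"] == "fail":
            q.append((ts, user))
            users = {u for _, u in q}
            # One try per account stays under per-account lockout limits,
            # so count distinct accounts per source instead.
            if len(users) >= min_users:
                entry = alerts.setdefault(src, {"users": set(), "compromised": set()})
                entry["users"] |= users
        elif src in alerts:
            # A success from an already-flagged source is the urgent event.
            alerts[src]["compromised"].add(user)
    return alerts

SAMPLE = [  # constructed log lines: one user mistyping, then one spraying source
    "2026-06-18T09:00:01Z sslvpn auth result=fail user=bob src=198.51.100.20",
    "2026-06-18T09:00:09Z sslvpn auth result=fail user=bob src=198.51.100.20",
    "2026-06-18T09:00:20Z sslvpn auth result=ok user=bob src=198.51.100.20",
] + [
    f"2026-06-18T09:01:{i:02d}Z sslvpn auth result=fail user=user{i} src=203.0.113.7"
    for i in range(1, 7)
] + ["2026-06-18T09:02:00Z sslvpn auth result=ok user=user9 src=203.0.113.7"]

if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE).items():
        print(src, sorted(info["users"]), "success:", sorted(info["compromised"]))
```

A spray spread across many source addresses would need the same count keyed on something other than the source, such as the whole VPN endpoint.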

[–] IratePirate@feddit.org 1 points 1 hour ago
[–] Beangut@lemmy.world 5 points 8 hours ago

Especially for a company that specialises in cybersecurity, yikes.

[–] MonkderVierte@lemmy.zip 3 points 8 hours ago (1 children)
[–] BlackVenom@lemmy.world 1 points 2 hours ago

This is dumb orgs and admins