techxplore.com/…/2025-07-fbi-national-st-paul-cyb…
reuters.com/…/minnesota-calls-national-guard-afte…
techcrunch.com/…/minnesota-activates-national-gua…
So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down on July 29 (Tuesday).
It seems to me that some kind of rather sophisticated threat actor managed to get into the core … this article calls it a ‘VPN’, but it isn’t technically a VPN, its a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utliity bills online or trying to submit a business liscense application online, things like that.
This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DOS attack … on itself?
I am having a really hard time finding any exact details on this, but this is my best guess.
Given that the EOC essentially immediately shutdown everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor.
It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which… could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn’t the goal of the attackers… or some combination of both.
Treczoks@lemmy.world 3 weeks ago
Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming “please hack me”.
derry@midwest.social 3 weeks ago
Project manager: at least I can blame the vendor
sp3ctr4l@lemmy.dbzer0.com 3 weeks ago
Entirely seriously, yes.
Most project managers I’ve ever met or known or worked with are basically incompetent technically, and very insecure / in denial about that, and thus vastly prefer the ‘safe’ option of someone else being responsible over the ‘risk’ of… hiring actual quality people that can make/support their own quality product.
CallMeAnAI@lemmy.world 3 weeks ago
🤣 should we get a list of foss projects that have had security issues?
Stop this nonsense. You can hate Microsoft for legitimate reasons.
toothpaste_ostrich@feddit.nl 3 weeks ago
I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer.
Slipping shit in upstream also certainly doesn’t happen "that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.)
disco@lemdro.id [bot] 3 weeks ago
Microsoft is getting hacked every other week.
trolololol@lemmy.world 3 weeks ago
Mate have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too, if a jr in my team did this I’d get them in trouble.