17 comments

[ 4.6 ms ] story [ 45.1 ms ] thread
https://news.ycombinator.com/item?id=39220528 - This seems to be a restatement/summary of the official writeup they put out a few days ago.
Yes. There's nothing more in that article than what we said in the blog.
Look again...

'Cloudflare Hacked by Suspected State-Sponsored Threat Actor' ___Security Week

'Thanksgiving 2023 security incident' ___Cloudflare

You are replying to one of the authors of the original report...
I reckon the implication is that the titles are different in a way that changes the flavor of the report substantially.
I know, I was pointing out the alarming difference in choice of title.
One is the title of the blog post (which I was heavily involved in writing), the other is a title of a news article that summarizes the blog post.
Threat actor is the new term for hacker.
and "nation-state" is the new "sophisticated sql injection"
Why not, maybe we can get the original meaning of the term hacker back at some point.
A hacker is an individual or a hacker group. When a state is involved we can think more about the typical work of intelligence agencies and/or cyberwar.
Threat actor is a more generic term that covers all kinds of attackers.

For example, it could be an insider who exploits existing privileges (no hacking involved). Or it could refer to a nation state or organised crime (not an individual).

What country? Article does not say.
One of the things that troubled me most in the vault 7 was the "attribution engineering toolkit".

Some sophisticated stuff goes into not just crafting function, but what something looks like

I am always sceptical... no, quite cynical, when a few days or hours after an incident someone pops up and says "It was the <Russians/Koreans/Chinese>"

Perhaps one of the most potent payloads in some hacks, perhaps even the overarching motive, is to pin the action on someone or something.

It raises the question, how much that really matters.

(comment deleted)