The attackers' primary goal appears to be obtaining domain administrator credentials and gaining access to a system where intellectual property is stored, according to Symantec. The attackers' behavior has varied slightly with each compromise, but once the intellectual property is found, they copy the contents to a handful of internal systems that have been designated as a staging area. The data is then uploaded to a remote server, which was traced to a virtual private server (VPS) in the United States and owned by a “20-something male located in the Hebei region in China,” according to Symantec.
Let Prohm's Posse Ride: Georges, Georgios, 3sus, Hallice, Deonte, Dustin, Abdel, Monte, Matt, and McKaT.
All content owned by CycloneFanatic.com - All rights reserved 2005-09. By viewing this website you agree to the Terms of Service, Site Rules and Legal Disclaimer. The words, views, images and opinions expressed or provided by users do not reflect the opinions or views of CycloneFanatic.com or Iowa State University. The names, words, symbols, and graphics representing Iowa State University are trademarks and copyrights of the University protected by the trademark and copyright laws of the United States of America and other countries and are used on this web site under license from the University. Original site design, premise & construction by Jeremy Lind.