St. Paul, MN, was hacked so badly that the National Guard has been deployed
-
This post did not contain any content.
-
What are the chances this took place during working hours in China?
-
What are the chances this took place during working hours in China?
The article says it started on a Friday morning in Minnesota. It’s clear that that’s when the attack started and not a case of the first guy starting work that day discovering that it happened, because the article also says that they tried to contain it as it was going on, but ultimately failed.
Minnesota is at UTC-5 and China is at UTC+8, meaning when it’s morning in Minnesota, it’s already 13 hours later in China, i.e. middle of the night.
-
Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming "please hack me".
-
The article says it started on a Friday morning in Minnesota. It’s clear that that’s when the attack started and not a case of the first guy starting work that day discovering that it happened, because the article also says that they tried to contain it as it was going on, but ultimately failed.
Minnesota is at UTC-5 and China is at UTC+8, meaning when it’s morning in Minnesota, it’s already 13 hours later in China, i.e. middle of the night.
I don’t see anything in the article that states the attack started that morning. It says that it was “first noticed” early Friday morning:
According to remarks by St. Paul Mayor Melvin Carter, the attack was first noticed early in the morning of Friday, July 25.
I’m not arguing it’s China, just that I didn’t see anything indicating they know when the attack started
-
Had to read the article to realise St. Paul is a city name.
Also, could it be a "the call is coming from inside the house" situation?
I remember pedo party hating this mayor. It was all over lemmy during simpler times.
-
With no ransom demand it's gotta be a state actor probing defenses and testing responses, right? I think first guesses would be Russia, China, Iran or maybe North Korea.
-
With no ransom demand it's gotta be a state actor probing defenses and testing responses, right? I think first guesses would be Russia, China, Iran or maybe North Korea.
first guesses
Not so sure. Aren't they known for being a queer friendly town?
-
What are the chances this took place during working hours in China?
Or Maryland. The feds are not friends right now. Arguably ever, but definitely not right now.
-
Loving the completely unfounded speculation that it must be ~~Eurasia~~ Russia or ~~Eastasia~~ China in this thread. Y'all are so deep in propaganda you don't even know it.
-
Loving the completely unfounded speculation that it must be ~~Eurasia~~ Russia or ~~Eastasia~~ China in this thread. Y'all are so deep in propaganda you don't even know it.
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack
Hackers from the infamous Lazarus Group are in a cat-and-mouse game to launder their stolen funds from the ByBit heist.
(www.bbc.com)
Firm hacked after accidentally hiring North Korean cyber criminal
The hacker downloaded sensitive data from the company and used it to send a ransom demand.
(www.bbc.com)
UK condemns Chinese cyber attacks against governments and businesses
The UK has today joined international allies to call out malicious cyber activity carried out by China.
(www.ncsc.gov.uk)
China Strategically Infiltrates U.S. Critical Infrastructure as Cyberattacks Escalate - The Soufan Center
A state-sponsored cyberattack on the U.S. Treasury Department by the Chinese Communist Party (CCP) in early December marks the latest escalation in Beijing’s use of hybrid tactics to undermine its strategic competitors while also seeking to gather sensitive intelligence and prepare for future potential conflict. Two weeks ahead of the inauguration of Donald Trump as […]
The Soufan Center (thesoufancenter.org)
Yeah. Definitely propaganda.
You poor thing.
-
Loving the completely unfounded speculation that it must be ~~Eurasia~~ Russia or ~~Eastasia~~ China in this thread. Y'all are so deep in propaganda you don't even know it.
Would you like to name other likely suspects? It's not standard criminals, there have been no ransom demands. And they're unlikely to piss off the govt to this extent. Which leaves state actors. Gee, wonder who it might be.
-
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack
Hackers from the infamous Lazarus Group are in a cat-and-mouse game to launder their stolen funds from the ByBit heist.
(www.bbc.com)
Firm hacked after accidentally hiring North Korean cyber criminal
The hacker downloaded sensitive data from the company and used it to send a ransom demand.
(www.bbc.com)
UK condemns Chinese cyber attacks against governments and businesses
The UK has today joined international allies to call out malicious cyber activity carried out by China.
(www.ncsc.gov.uk)
China Strategically Infiltrates U.S. Critical Infrastructure as Cyberattacks Escalate - The Soufan Center
A state-sponsored cyberattack on the U.S. Treasury Department by the Chinese Communist Party (CCP) in early December marks the latest escalation in Beijing’s use of hybrid tactics to undermine its strategic competitors while also seeking to gather sensitive intelligence and prepare for future potential conflict. Two weeks ahead of the inauguration of Donald Trump as […]
The Soufan Center (thesoufancenter.org)
Yeah. Definitely propaganda.
You poor thing.
Also:
Chinese hackers spent 5 years waiting in U.S. infrastructure, ready to attack, agencies say
Chinese hackers have secretly hidden in U.S. infrastructure for years, ready to conduct a cyberattack if the two countries were to go to war.
NBC News (www.nbcnews.com)
Millions of Americans caught up in Chinese hacking plot - US
Seven Chinese men have been charged over a "sinister" hacking plot, the justice department says.
(www.bbc.com)
Chinese state-backed hackers breach US nuclear agency
Microsoft said hacking groups exploited security flaws to access document-sharing software used by the National Nuclear Security Administration.
(www.semafor.com)
How (and why) Russia hacked the US election
Hacking, fake news, information bubbles ... all these and more have become part of the vernacular in recent years. But as cyberspace analyst Laura Galante describes in this alarming talk, the real target of anyone looking to influence geopolitics is dastardly simple: it's you.
(www.ted.com)
https://cyber-peace.org/wp-content/uploads/2018/11/rpt-apt28.pdf
https://services.google.com/fh/files/misc/rpt-redline-drawn-china-espionage-en.pdf
I guess it's all just propaganda, huh. We're just a bunch of gullible buffoons.
-
Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming "please hack me".
Should we get a list of FOSS projects that have had security issues? Or how about how someone slips some shit in upstream every few weeks it seems?
Stop this nonsense. You can hate Microsoft for legitimate reasons.
-
Would you like to name other likely suspects? It's not standard criminals, there have been no ransom demands. And they're unlikely to piss off the govt to this extent. Which leaves state actors. Gee, wonder who it might be.
Literally anyone until proven guilty?
-
North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack
Hackers from the infamous Lazarus Group are in a cat-and-mouse game to launder their stolen funds from the ByBit heist.
(www.bbc.com)
Firm hacked after accidentally hiring North Korean cyber criminal
The hacker downloaded sensitive data from the company and used it to send a ransom demand.
(www.bbc.com)
UK condemns Chinese cyber attacks against governments and businesses
The UK has today joined international allies to call out malicious cyber activity carried out by China.
(www.ncsc.gov.uk)
China Strategically Infiltrates U.S. Critical Infrastructure as Cyberattacks Escalate - The Soufan Center
A state-sponsored cyberattack on the U.S. Treasury Department by the Chinese Communist Party (CCP) in early December marks the latest escalation in Beijing’s use of hybrid tactics to undermine its strategic competitors while also seeking to gather sensitive intelligence and prepare for future potential conflict. Two weeks ahead of the inauguration of Donald Trump as […]
The Soufan Center (thesoufancenter.org)
Yeah. Definitely propaganda.
You poor thing.
Yes. There are quite a few completely unfounded pieces stating it is Russia or China or North Korea behind thing X with no proofs whatsoever.
These do not go to prove your point.
Now, there were some proven cases, but attributing every attack to one of these now without judge and jury is nothing but blatant and bold propaganda.
-
Literally anyone until proven guilty?
So we can't guess who's responsible? Not even the most prominent ones?
-
Literally anyone until proven guilty?
Nobody's passing sentence, it's just speculation about guilty parties. Last I checked that was legal and in fact common discussion.
-
Yes. There are quite a few completely unfounded pieces stating it is Russia or China or North Korea behind thing X with no proofs whatsoever.
These do not go to prove your point.
Now, there were some proven cases, but attributing every attack to one of these now without judge and jury is nothing but blatant and bold propaganda.
Did you get lost on the way to Lemmy.ml?
1.5 billion in crypto isn't something you can spend without attracting attention, of course it was them.
-
FBI, National Guard assist St. Paul as cyber-attackers force shutdown of Internet-based systems
St. Paul Mayor Melvin Carter declared a state of local emergency on July 29 following a days-long cyber attack on the city's Internet-based computer networks that led the city to call in the FBI and Gov. Tim Walz to enlist ...
(techxplore.com)
Minnesota activates National Guard as cyberattack on Saint Paul disrupts public services | TechCrunch
Gov. Tim Walz activated the state military's cyber forces to help ensure public services continue to run as the city of Saint Paul battles an ongoing cyberattack.
TechCrunch (techcrunch.com)
So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down (they are quarantining the whole system) on July 29 (Tuesday).
It seems to me that some kind of rather sophisticated threat actor managed to get into the core ... this techxplore article calls it a 'VPN', but it isn't technically a VPN, it's a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utility bills online or trying to submit a business license application online, things like that.
This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DOS attack ... on itself?
I am having a really hard time finding any exact details on this, but this is my best guess.
Given that the EOC essentially immediately shut down everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor.
It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which... could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn't the goal of the attackers... or some combination of both.