Amazon security experts took a closer look at the flagged ‘U.S. remote worker’ and determined that their remote laptop was being remotely controlled – causing the extra keystroke input lag.
With access to the final remote desktop, and access to the workers laptop you know the delay from these two so if there is more delay, then you can infer it’s coming from somewhere else? I’m sure there are more paths too but access to the North Koreans hardware doesn’t seem required
Also worth pointing out that this was a flagged employee (probably from something like data access logs) so they would be under more scrutiny and surveillance than the average employee
With access to the final remote desktop, and access to the workers laptop you know the delay from these two so if there is more delay, then you can infer it’s coming from somewhere else? I’m sure there are more paths too but access to the North Koreans hardware doesn’t seem required
also, time between key presses on the compromised machine could indicate network lag to what is actually a Remote Desktop.
Also worth pointing out that this was a flagged employee (probably from something like data access logs) so they would be under more scrutiny and surveillance than the average employee