The DPRK group’s attempts to exfiltrate data and install RMM tools by posing as US IT workers are among several examples that show cross-domain analysis is needed to tackle rising identity-based attacks, according to CrowdStrike’s counter adversary team, as the company reels in the worldwide outage’s wake.
So how exactly do they stop the infiltrators from defecting once they’re inside the company in another country that is visibly less awful than NK?
They never leave the country.