Worked at a sloppy startup MSP. A few years after I left, a former coworker told me they discovered (after they finally got an EDR) that all the pre-deploy boxes on the sandboxed LAN waiting to be moved to the datacenter were being compromised after the kickstarts finished. The deployment box had been owned since they didn’t deploy it in the sandbox, which didn’t exist at the time. Whoever did it kept from being detected for years. Then I guess they got bored and used the whole DC to DoS someone. He thinks they noticed the EDR and the jig was up. Good times.