Note:
As part of the analyzed intrusions, public-facing applications and valid accounts were abused for initial access. The state-sponsored hackers targeted Ivanti, Cisco, Fortinet, VMware, and Palo Alto Networks appliances, as well as Apache Struts and other web-facing platforms.

- Are these 100% American products? Buying American doesn’t mean we are safe.
- The tactics used here show exactly how stealthy malware can be. A shell triggered by a particular byte sequence? Something that puts its payload in the 26th byte? Kernel-layer BPF? Container components. Traffic that blends in.
- How would you spot this? If you want to learn cybersecurity, that’s the kind of thing you need to understand. Even if you know cybersecurity, it is not easy!
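One defender-side starting point for that question, as an added example that is not from the article or the note above: a passive backdoor that filters traffic with kernel BPF has to hold an AF_PACKET socket, and Linux lists every such socket in /proc/net/packet, so the script below maps those socket inodes back to the processes holding them. The /proc/net/packet sample, the fd listing and the allow-list of expected capture tools are all constructed assumptions for illustration.

```python
import os
import re
# Constructed sample of /proc/net/packet (columns as the kernel prints them).
# Proto 0003 is ETH_P_ALL: that socket receives every frame on the interface.
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      12345
0000000000000000 3      3    0800   2     1 0      0      67890
"""
# Constructed view of /proc/<pid>/fd: pid -> (comm, readlink() targets).
SAMPLE_FDS = {
    1401: ("tcpdump", ["socket:[67890]", "/dev/null"]),
    2277: ("sample-unknown-bin", ["socket:[12345]", "pipe:[4242]"]),
}
# Assumed allow-list of daemons expected to hold packet sockets.
KNOWN_SNIFFERS = {"tcpdump", "dhclient", "dhcpcd", "suricata", "zeek"}

def parse_packet_sockets(text):
    """Map socket inode -> ethernet protocol number from /proc/net/packet."""
    inodes = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 9:
            inodes[int(fields[8])] = fields[3]
    return inodes

def find_packet_socket_holders(packet_text, fds):
    """Sorted (pid, comm, proto) for non-allow-listed AF_PACKET socket holders."""
    inodes = parse_packet_sockets(packet_text)
    hits = []
    for pid, (comm, links) in fds.items():
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m and int(m.group(1)) in inodes and comm not in KNOWN_SNIFFERS:
                hits.append((pid, comm, inodes[int(m.group(1))]))
    return sorted(hits)

def live_fds():
    """Same view from a real Linux /proc tree (run as root to see all fds)."""
    out = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            comm = open(f"/proc/{pid}/comm").read().strip()
            fd_dir = f"/proc/{pid}/fd"
            links = [os.readlink(f"{fd_dir}/{d}") for d in os.listdir(fd_dir)]
        except OSError:
            continue                             # exited or not permitted
        out[int(pid)] = (comm, links)
    return out
```

On a live host, call `find_packet_socket_holders(open("/proc/net/packet").read(), live_fds())`. Because a process name in `comm` is trivially forged, treat the allow-list as noise reduction only and corroborate any hit against `/proc/<pid>/exe` and the binary on disk.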

https://www.securityweek.com/chinese-hackers-caught-deep-within-telecom-backbone-infrastructure/

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure

Chinese state-sponsored hackers deployed the BPFdoor passive backdoor deep within telecom backbone infrastructure worldwide.

SecurityWeek