@freemo I got infected a few months ago. It’s already terminal. :ablobdizzy:

@salcedo This is my second company where I enacted NixOS across the entire company... I'm as terminal as you can get :)

@freemo @salcedo How is NixOS working on those Toughbooks? It's the Laptop Gun from Perfect Dark.


@freemo @salcedo They are good laptops but the OEM has participated in Supply Chain Attacks for a long time. All the back doors that were accidentally left in and APTs from the Mainland targeting them with ease.

It's usually Firmware and UEFI that I've seen compromised. It would have to be the Chinese APTs responsible. I've never seen such impressive and efficient exploitation. I've seen Chinese software bypass Knox without tripping alarms back when it was an accomplishment. I've seen it hit Thinkpads bypassing the CPU security processor and other hardware security without it being noticed. It wasn't old hardware, it was still under warranty in some cases.

I hope you have an ace up your sleeve. None of my hardware was able to pull a sample. It's a shame because that was beautiful malware and I would have loved to have a sample. It was persistent, evasive and took me a few hours to recognize there was a threat and how deep it was. It wiped itself after discovery only leaving the same behavior after.

I can't say where I found it. I will say that their Sys Admin couldn't remote brick the device. They were upsetti spaghetti that I found something and used a little trick to bypass some of the security.

I'm not going to say that a portable firewall/router with custom settings will stop everything but it can buy some time or perhaps stop the vPro kill signal.

This was somewhere during the early Covid Years and the closest thing I could find to the capabilities of it was something that was used on NK by China. Even Kaspersky wasn't able to get a complete sample.

TL;DR Thinkpads are to businesses what MacBooks are to Art Schools. The supply chain is sketchy, with the company having an odd history of overpowered exploits, and the firmware is locked down enough to prevent easy analysis. Just be careful with those laptops. I'm not a pro but I'm certainly not a novice. I still don't fully understand how it got past the Sys Admin, but I would defend their actions because Certifications displaced useful information in their mind.
