
Chinese cyberspies breached TeamViewer in 2016 - zdw
https://www.zdnet.com/article/chinese-cyberspies-breached-teamviewer-in-2016/
======
orf
Imagine a situation where an APT has been around your network for 3 years
without your single, old and crusty “security guy” noticing a thing, and is
only detected after they cause excessive CPU load on a database server whilst
running a bad query.

Would you be keeping the appropriate logs to know for sure if they had
accessed customer information? Couldn’t you say to yourselves “well we have no
proof that they accessed any customer information, because we have no logs at
all!” and therefore not need to contact the German authorities?

They where all over the network for _years_. What do you think they accessed?
Just a thought.

