
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry - longdefeat
https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/
======
oars
When a server is hacked and files are copied out of the server, how do admins
figure this out?

I'm running an Ubuntu server and if someone was to SSH into my machine and SCP
some files to their own, delete the "SCP" command from the bash history then
log out, I would have no clue right?

~~~
thedracle
Beyond normal system logs --- you can set up auditd to track very specific
things, like executables, files being written to, copied, modified.

I work on endpoint protection software that goes deeper, using ebpf and a
driver for older kernels to track specific syscalls, and look for things like
permission escalations, forking and then doing naughty things, for instance.
It's more meant for aggregating this data to a backend that then analyzes it
and provides a panel that alerts security folks to unusual behavior.
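An added example (not from the commenter or any product they describe) of the auditd approach: the rule keys, the watched directory `/srv/secrets/`, and the audit.log lines are all constructed here, and the parser groups raw records by event id and flags scp/ssh executions and reads of the watched files, which survive even when the shell history has been wiped.

```python
import re

# Assumed auditd rules (the keys "exfil_exec" and "secret_read" are names
# chosen for this example), e.g. in /etc/audit/rules.d/exfil.rules:
#   -a always,exit -F arch=b64 -S execve -F exe=/usr/bin/scp -k exfil_exec
#   -a always,exit -F arch=b64 -S execve -F exe=/usr/bin/ssh -k exfil_exec
#   -w /srv/secrets/ -p r -k secret_read

# Constructed sample audit.log records (not a real capture). auid is the
# login uid, which persists across su/sudo and does not depend on ~/.bash_history.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4101 auid=1000 uid=1000 comm="scp" exe="/usr/bin/scp" key="exfil_exec"
type=EXECVE msg=audit(1700000000.101:501): argc=3 a0="scp" a1="/srv/secrets/db.sqlite" a2="198.51.100.7:/tmp/"
type=SYSCALL msg=audit(1700000000.102:502): arch=c000003e syscall=257 success=yes exit=3 ppid=4101 pid=4101 auid=1000 uid=1000 comm="scp" exe="/usr/bin/scp" key="secret_read"
type=PATH msg=audit(1700000000.102:502): item=0 name="/srv/secrets/db.sqlite" inode=1234 mode=0100600
type=SYSCALL msg=audit(1700000000.200:503): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4102 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key=(null)
"""

WATCH_KEYS = {"exfil_exec", "secret_read"}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')   # key=value, quoted or bare
EVENT_RE = re.compile(r'msg=audit\(([\d.]+):(\d+)\)')   # msg=audit(timestamp:event_id)

def parse_events(log_text):
    """Group SYSCALL/EXECVE/PATH records that share an event id into one dict."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        eid = int(m.group(2))
        ev = events.setdefault(eid, {"time": float(m.group(1)), "argv": [], "paths": []})
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        rtype = fields.get("type")
        if rtype == "SYSCALL":
            ev.update(auid=fields.get("auid"), exe=fields.get("exe"),
                      key=fields.get("key"), syscall=fields.get("syscall"))
        elif rtype == "EXECVE":  # full command line of the exec'd process
            ev["argv"] = [fields[f"a{i}"] for i in range(int(fields["argc"])) if f"a{i}" in fields]
        elif rtype == "PATH":    # files touched by the syscall
            ev["paths"].append(fields["name"])
    return events

def find_alerts(log_text):
    """Return events whose rule key is one we care about, oldest first."""
    alerts = []
    for eid, ev in sorted(parse_events(log_text).items()):
        if ev.get("key") in WATCH_KEYS:
            alerts.append({"event": eid, "key": ev["key"], "auid": ev["auid"],
                           "exe": ev["exe"], "argv": ev["argv"], "paths": ev["paths"]})
    return alerts

if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        print(a)
```

Because anyone with root can stop auditd or truncate the local log, the records are only as trustworthy as their copy shipped off-host (audisp remote logging or a log forwarder) as they are written.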

------
xt00
I mean it’s hard to understand what’s going on here.. it’s probably a
coincidence that China’s 13th 5 year plan included trying to dramatically grow
their domestic semiconductor industry and now their 14th 5 year plan wants
them to become a dominant force in that area. Yea just total coincidence,
people get hacked all the time.

------
boomboomsubban
A strange set of targets, moving between MMO currency manipulation to
"pillaging the Taiwanese semiconductor industry."

