At 2:14 a.m. Eastern time on Tuesday, a single monitoring alert was logged inside Reddit’s network operations center in Northern Virginia. The message was routine in form: an unauthorized outbound packet sequence, the kind of low-level noise that infrastructure teams resolve a dozen times a week. An on-call engineer acknowledged it, ran a standard diagnostic, and found nothing. Forty-seven minutes later, there were eleven thousand of them.

By dawn, Reddit’s entire security division had been mobilized. By midmorning, they had called Mandiant, one of the country’s premier incident-response firms. By early afternoon, Mandiant had contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. By Wednesday morning, CISA had escalated the matter to the National Security Council.

The reason for that escalation, according to four people with direct knowledge of the investigation who spoke on condition of anonymity because they were not authorized to discuss the matter publicly, is not that someone broke into Reddit’s systems. It is that, after four days of investigation involving some of the most sophisticated threat-analysis infrastructure in the world, nobody can determine what did.

“We know what nation-state intrusions look like,” said one federal official familiar with the inquiry. “We know what ransomware gangs look like. We know what insider threats look like. We know what zero-day exploits look like. This doesn’t look like any of those things. What it looks like is something we don’t have a category for.”

submitted by /u/Metabolical
Originally posted by u/Metabolical on r/ArtificialInteligence
