Or whoever was visiting sites they shouldn’t have on company computers.
Or someone was phished. There are some sophisticated phishers out there who will go through some trouble to trap the inattentive into revealing proprietary information about a target company.
People expect small organizations to slip up. But organizations that control critical information, traffic, and resources...brrr!
I suppose it’s bad enough that we already know Congress is already riddled with spies from China, Pakistan, and everywhere else!
Yes. I know firsthand a lot of Chinese students and employees at a big university were only there to send passwords, usernames and details about gaining access back to China.
IT guy said to me there are hundreds of external attempts to break in each day at this one university. Listed China and Russia but many others. It does not even do any defense or research work. However, my idea is they communicate with the ones who do, and especially with the big research and tech companies elsewhere. Might ask for technical journal articles or scientific papers on file.
So, gain access to the unimportant university then use their passwords to access the others with defense and high security data. Indirect but works eventually if one person makes a mistake due to phishing. Especially with those real-appearing false web pages and counterfeit email setups.
Saw one diagram showing how they do it. One panel was “Bill, is this genuine?” with counterfeit fraudster replying using the real-looking information “Sure, Ted. I had dealings with him and he’s legit. Stop worrying.”
“whoever was visiting sites they shouldn’t have on company computers”
There are some systems that should not be connected to the internet. The problem is good old fashioned hubris on the part of people who design and deploy these systems. They truly believe that nobody can hack THEIR program or penetrate THEIR firewall.