this post was submitted on 01 Aug 2025
245 points (98.0% liked)
Technology
73567 readers
3546 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
https://techxplore.com/news/2025-07-fbi-national-st-paul-cyber.html
https://www.reuters.com/world/us/minnesota-calls-national-guard-after-st-paul-slammed-by-digital-attack-2025-07-29/
https://techcrunch.com/2025/07/30/minnesota-activates-national-guard-as-cyberattack-on-saint-paul-disrupts-public-services/
So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down (they are quarantineing the whole system) on July 29 (Tuesday).
It seems to me that some kind of rather sophisticated threat actor managed to get into the core ... this techxplore article calls it a 'VPN', but it isn't technically a VPN, its a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utliity bills online or trying to submit a business liscense application online, things like that.
This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DOS attack ... on itself?
I am having a really hard time finding any exact details on this, but this is my best guess.
Given that the EOC essentially immediately shutdown everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor.
It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which... could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn't the goal of the attackers... or some combination of both.
Yeah that's a vpn
The primary purpose of a VPN is to create a tunnel between two networks, hence the name "virtual private network". I'm very familiar with them as I work with these systems for a living.
I'm guessing some people don't know (or forgot) that site-to-site and remote access VPN's are a thing, and was the initial purpose of VPN's. Masking or hiding your location became a benefit after the fact, and todays more common client VPN is technically a remote access VPN with a new purpose.
Remote access VPN's are a very common attack vector for companies, look up companies compromised with Fortinet gear and its typically through the firewalls VPN.
Most modern remote access VPN's do exactly that, so it is not antithetical at all and is how most client VPN's keep you from accessing other users data. I would encourage you to read up on WireGuard and the like, they are fun to learn about and awesome tools when configured properly.
Also, we removed the above comment because the last sentence was fairly rude and violates rule 3 @sp3ctr4l@lemmy.dbzer0.com