Originally Posted by
Marco Polo
Fancy Bear or North Korea training ops or extortion ?
Air China partners with CX so has access to most data anyway
Over such a period of time the external experts must know the IP sources of the port attacks, and whether they are VPNs
Nop, repeated infections over this a long period, implies undetected infected internal systems (possible even firewalls and the like), which contact command servers through TOR. Forensic Investigation of the infections itself might reveal programmer origins.
I certainly would not rule out big brother USA, there are parts in the world, they don't have "cooperation" agreements with and only for flights to/from the USA passenger data is share with them ......
NK does need money, not the info about person/phone/email relations.
Fancy Bear, yeah sure, with them, you know, they eaves drop on wifi networks locally from outside the building, as found at some time ago in The Netherlands. A pretty easy and certain way to intrude an organization, undetected.