The group attacked over two dozen government agencies in Western Europe and the United States, and compromised associated personal accounts of employees.
I’m not surprised in the slightest. The politicians and managers in charge of said gov systems are usually of an age that have no idea the basics of how technology works, let alone infosec importance. It’s then contracted out to the lowest bidder on deadlines that wouldn’t permit proper hardening anyways. It’s not even a US specific issue, Australians deal with this dumb fuckery regularly.
Then you get some piss poor public apology, someone gets thrown under a bus, and the cycle repeats ad infinatum.
I’m not surprised in the slightest. The politicians and managers in charge of said gov systems are usually of an age that have no idea the basics of how technology works, let alone infosec importance. It’s then contracted out to the lowest bidder on deadlines that wouldn’t permit proper hardening anyways. It’s not even a US specific issue, Australians deal with this dumb fuckery regularly.
Then you get some piss poor public apology, someone gets thrown under a bus, and the cycle repeats ad infinatum.