This is specifically related to the Hafnium mass-exploitation of an Exchange 0day earlier in the year, attributed by Microsoft to a state-sponsored group operating out of China.
Also good example of the Federal Rule of Criminal Procedure 41(b)(6)(B) change solving the jurisdictional spaghetti minefield that this would otherwise have entailed.
A: so um, what jurisdiction is this malware in
B: yes
A: no I mean where is the victim based, like, is this in Florida or Texas, like, which zipcodes
B: yes, all of the zipcodes.
You can follow @pwnallthethings.