APT Encounters of the Third Kind

This was a bit hard to follow, but if I'm understanding the author correctly:

  • Edge gateways with a custom kernel and a Go app that terminates SSL

  • Malicious NFS server that reads decoded HTTP traffic from the Go app's memory space and exfiltrates it

  • Via the kernel which has also been patched/backdoored

  • The exploits have a self-destruct mechanism built in.