SUBJECT: Surviving a Long-Term Persistence Attack (APT).
The "BrickStorm" malware campaign (attributed to UNC5221) compromises Edge Appliances and vCenter servers. The terrifying metric is the Dwell Time: 393 days.
During those 393 days, the attacker gains Admin Credentials. With standard encryption (BitLocker), if they have the Admin Password, they have the data. The keys are static. The castle walls do not move.
HoloSec assumes the network is already compromised. Even if the attacker has Root Access and the Admin Password, they cannot decrypt the "Vaulted" files because they lack the local, offline Time Keys.
The Time Key is stored in the user's isolated local database (or paper backup). The attacker has the lock and the password, but they cannot find the door because they are operating in the wrong time coordinate.
STATUS: DECLASSIFIED
AUTHOR: ARCHITECT_ZERO