this post was submitted on 01 Aug 2025

229 points (97.9% liked)

Technology

73534 readers

3648 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

229

St. Paul, MN, was hacked so badly that the National Guard has been deployed (arstechnica.com)

submitted 1 day ago by return2ozma@lemmy.world to c/technology@lemmy.world

60 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] dumples@midwest.social 42 points 1 day ago (1 children)

The national guard here is looking around for men in black masks in front of computers throughout the city. Its crazy

[–] prole@lemmy.blahaj.zone 25 points 1 day ago (1 children)

Is this a joke or are you serious?

Goddamn it, I can't tell anymore

[–] dumples@midwest.social 12 points 1 day ago

They found him

It's a joke....

[–] JohnAnthony@lemmy.dbzer0.com 16 points 1 day ago

but at least Abilene was insured against such an attack

Oh, well that's great. I hope the people, whose identity, medical records, or whatever else was stolen will be compensated accordingly. Would be a shame if the money went into building a new, just as unsafe system.

Not that anyone gives a fuck. At this point the argument is "your data had probably already been stolen somewhere else"...

[–] sp3ctr4l@lemmy.dbzer0.com 48 points 1 day ago* (last edited 1 day ago) (1 children)

https://techxplore.com/news/2025-07-fbi-national-st-paul-cyber.html

https://www.reuters.com/world/us/minnesota-calls-national-guard-after-st-paul-slammed-by-digital-attack-2025-07-29/

https://techcrunch.com/2025/07/30/minnesota-activates-national-guard-as-cyberattack-on-saint-paul-disrupts-public-services/

So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down (they are quarantineing the whole system) on July 29 (Tuesday).

It seems to me that some kind of rather sophisticated threat actor managed to get into the core ... this techxplore article calls it a 'VPN', but it isn't technically a VPN, its a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utliity bills online or trying to submit a business liscense application online, things like that.

This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DOS attack ... on itself?

I am having a really hard time finding any exact details on this, but this is my best guess.

Given that the EOC essentially immediately shutdown everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor.

It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which... could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn't the goal of the attackers... or some combination of both.

[–] SheeEttin@lemmy.zip 3 points 1 day ago (1 children)

Yeah that's a vpn

[+] sp3ctr4l@lemmy.dbzer0.com 0 points 1 day ago* (last edited 1 day ago) (1 children)

[removed by mod]

[–] SheeEttin@lemmy.zip 2 points 1 day ago (1 children)

The primary purpose of a VPN is to create a tunnel between two networks, hence the name "virtual private network". I'm very familiar with them as I work with these systems for a living.

[–] L3s@lemmy.world 8 points 1 day ago* (last edited 1 day ago)

I'm guessing some people don't know (or forgot) that site-to-site and remote access VPN's are a thing, and was the initial purpose of VPN's. Masking or hiding your location became a benefit after the fact, and todays more common client VPN is technically a remote access VPN with a new purpose.

Remote access VPN's are a very common attack vector for companies, look up companies compromised with Fortinet gear and its typically through the firewalls VPN.

In fact, a primary purpose of a VPN, spoofing your IP/geolocation, pretending you are someone you aren't... is pretty much antithetical to a highly controlled system of users with varying levels of access to specific, private areas of that system.

Most modern remote access VPN's do exactly that, so it is not antithetical at all and is how most client VPN's keep you from accessing other users data. I would encourage you to read up on WireGuard and the like, they are fun to learn about and awesome tools when configured properly.

Also, we removed the above comment because the last sentence was fairly rude and violates rule 3 @sp3ctr4l@lemmy.dbzer0.com

[–] Treczoks@lemmy.world 82 points 1 day ago (13 children)

Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming "please hack me".

[–] derry@midwest.social 24 points 1 day ago (1 children)

Project manager: at least I can blame the vendor

[–] sp3ctr4l@lemmy.dbzer0.com 14 points 1 day ago (1 children)

Entirely seriously, yes.

Most project managers I've ever met or known or worked with are basically incompetent technically, and very insecure / in denial about that, and thus vastly prefer the 'safe' option of someone else being responsible over the 'risk' of... hiring actual quality people that can make/support their own quality product.

[–] Saleh@feddit.org 4 points 1 day ago (1 children)

Did you consider that project managers often have to follow all sorts of company standards, have to figure out a way to get a dozen departments with conflicting standards together, on top of that have to catch the stupid ideas from the upper-management and marketing without telling the upper-management that they have no idea what they are talking about, on top of getting something actually done in the project?

Because often the level of tech competency has very little to do with the decision corridor that the project manager has, given everything else.

[–] sp3ctr4l@lemmy.dbzer0.com 8 points 1 day ago (1 children)

Yep.

I've been one.

Thats how I know what I am saying.

Like you're not even challenging what I'm saying really, you admit that most PMs are technically incompetent, because their job is mainly playing office politics.

It didn't used to be this way.

And it still doesn't have to be.

A good PM is someone who actually knows their relevant field, and can also do some office politics, but much more importantly, is a responsible and helpful team leader.

A person with only an MBA just has a degree in how to play office politics and gaslight people.

[–] SheeEttin@lemmy.zip 1 points 1 day ago

It's always been that way, and always will be. Most people are mediocre at most things.

load more comments (12 replies)

[–] SlartyBartFast@sh.itjust.works 24 points 1 day ago (2 children)

What's Saint Paul gonna do about it?

Complain to Jesus?

[–] Etterra@discuss.online 3 points 16 hours ago

[–] WaffleWarrior@lemmy.zip 6 points 1 day ago (1 children)

🙄

[–] notsure@fedia.io 0 points 1 day ago

...your lack of faith is, disturbing...

[–] disco@lemdro.id 8 points 1 day ago (1 children)

Isn't there an upcoming election in St. Paul?

[–] JaymesRS@piefed.world 15 points 1 day ago* (last edited 1 day ago)

Minneapolis and St Paul (Cross-River sister cities, St Paul is the State Capital) both have mayoral elections on November 4, 2025. The one you’ve been seeing mentioned more likely is the Minneapolis one where the DFL (State Democratic Party) endorsed a candidate for the first time in a bit and it was the challenger to the incumbent Democratic candidate, so it’s been in the news.

[–] justlemmyin@lemmy.world 13 points 1 day ago (1 children)

Had to read the article to realise st Paul is a city name. 😅

Also, could it be a 'the call is coming from inside the house " situation?

I remember pedo party hating this mayor. It was all over lemmy during simpler times.

[–] JaymesRS@piefed.world 7 points 1 day ago

Probably not the mayor, the governor of the state was the VP candidate for Kamala Harris.

[–] Hegar@fedia.io 3 points 1 day ago (2 children)

With no ransom demand it's gotta be a state actor probing defenses and testing responses, right? I think first guesses would be Russia, China, Iran or maybe North Korea.

[–] piecat@lemmy.world 2 points 1 day ago

Or some bored teenager somewhere

[–] outhouseperilous@lemmy.dbzer0.com 5 points 1 day ago (1 children)

first guesses

Not so sure. Arent they known for being a queer friendly town?

[–] decended_being@midwest.social 1 points 1 day ago (1 children)

Yes we are

[–] outhouseperilous@lemmy.dbzer0.com 2 points 1 day ago

So probably some fuckers you paid for with fed taxes. We should really stop doing that.

load more comments