It tells you, “DHS’s Cybersecurity and Infrastructure Security Agency (CISA) offers cybersecurity best practices for securing US networks.”

CISA workforce cut by nearly one-third so far

The agency has lost roughly 1,000 staffers in the wake of the Trump administration’s workforce cuts.

Source: https://www.cybersecuritydive.com/news/cisa-departures-trump-workforce-purge/749796/

Dude gave anyone looking for forensic clues a layup

would lock every employee out of their accounts if his credentials were ever revoked, and named the code IsDLEnabledinAD, as in “Is Davis Lu enabled in Active Directory.”

That’s kind of an easy figure out: look for all the D.L.s in the company and work from there. But then

investigators subsequently found the source code for this program on an internal development server in Kentucky, and that Lu’s user account had been used to execute the malware on the production box. Lu was also the only member of his team who had access privileges for that dev machine.

This guy left an easy forensic trail.