Answer: Provided in the explanation segment
Explanation:
Below is a detailed explanation to make this problem more clearer to understand.
(1). We are asked to determine whether the systems have been compromised;
Ans: (YES) From the question given, We can see that the System is compromised. This is so because the plan of communication has different details of scenarios where incidents occur. This communication plan has a well read table of contents that lists specific type of incidents, where each incident has a brief description of the event.
(2). Whether the analyst’s assertion has valid grounds to believe it is Chinese state-sponsored.
Ans: I can say that the analyst uses several different internet protocol address located in so as to conduct its operations, in one instance, a log file recovered form an open indexed server revealed tham an IP address located is used to administer the command control node that was communicating with the malware.
(3). What other threat intelligence can be generated from this information?
Ans: The threat that can be generated from this include; Custom backdoors, Strategic web compromises, and also Web Server exploitation.
(4). How would that help shape your assessment?
Ans: This helps in such a way where information is gathered and transferred out of the target network which involve movement of files through multiple systems.
Files also gotten from networks as well as using tools (archival) to compress and also encrypt data with effectiveness of their data theft.
cheers i hope this helped!!!
