It would've been hilarious if that red team compromised their systems, only to find out that another actually malicious actor had already set up shop
>"After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response.
It's 2024 and basic online infrastructure security, let alone incident response really is still just a complete theater and clown show. But let's keep spending more on C-levels and after-the-fact contractors, then post our infosec roles at $15/hour so we can blame them when the paper mache tower we run our business on crumbles.