if the goal is to gain access to HSM’s signing functionality and you don’t need to know the HSM’s keys to gain access to its signing functionality then something else is being guarded that is essentially the key.. For example be it a machine locked in a room, then the room key is the key. Or maybe someone’s retina, or a sign-off from someone with clearance, etc. (at least in theory)
That’s a general theory though, but I’d think the same fundamentals apply
Also this only serves to prove that some powerful entity that operates on secrecy, like a government or mega corp, is likely who executed this. I’d like to fantasize some suave, determined black market salesman with a rough childhood and his band of cyber criminals broke into both of these facilities, but seeing how difficult it is to accomplish something like this, it seems more likely that someone just let them in through the front door.
That’s a general theory though, but I’d think the same fundamentals apply
Also this only serves to prove that some powerful entity that operates on secrecy, like a government or mega corp, is likely who executed this. I’d like to fantasize some suave, determined black market salesman with a rough childhood and his band of cyber criminals broke into both of these facilities, but seeing how difficult it is to accomplish something like this, it seems more likely that someone just let them in through the front door.