The Hacker News report published Monday says operators assessed as working for Chinese state intelligence maintained access inside U.S. research and defense networks for twelve months before detection. The monitoring infrastructure inside those same networks was also running for twelve months. That is not a tradecraft story.
A separate BleepingComputer report the same day describes the same actor class breaching medical research servers, planting malware, and staging data for exfiltration, a targeting pattern across defense, research, and healthcare consistent with pre-positioning for aggregated intelligence collection rather than any single immediate operation. Log retention is the structural problem here. Many APAC mid-tier financial institutions retain network telemetry for 90 days; when dwell time runs to twelve months, the 14-day notification window in MAS TRM Guidelines (2021 revision) cannot start because the evidence needed to confirm impact has already been overwritten. The first formal test of whether "confirmed impact" requires active detection or merely a credible attribution window falls to MAS's technology risk examination schedule, currently confirmed for Q3 2026.