It seems we have a winner in the longest ever undetected intrusion in a insurance network.

That is for sure a deviation from the commonly cited 197 or something days.

What's interesting about this is also, if you stay undetected for 9 years, how far can you move in that datacenter, there must have been traffic flows showing lateral movement. This also shows how hard it is to detect that lateral movement.