Sophos researchers discovered that two threat actor groups had lurked in the network of a regional US government agency, performing reconnaissance and remote access operations for at least five months before LockBit ransomware was deployed, BleepingComputer reports.
Attackers initially gained access to the agency's network through Remote Desktop Protocol (RDP) access left open by a misconfigured firewall, then used Google Chrome to download their attack toolset, which included brute-forcing and scanning utilities, free file management and command execution tools, and a commercial VPN, the report revealed. Aside from exfiltrating valuable account credentials, the threat actors also stole a local server admin's credentials. Five months after the initial compromise, however, the operation was taken over by a more sophisticated attacker, who deployed Mimikatz and LaZagne for credential extraction. "On the first day of the sixth month of the attack, the attacker made their big move, running Advanced IP Scanner and almost immediately beginning lateral movement to multiple sensitive servers. Within minutes, the attacker has access to a slew of sensitive personnel and purchasing files," the report said. While Sophos was able to shut down the servers that enabled remote access, LockBit had already encrypted part of the agency's network.
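The two detectable stages of the chain described above, an RDP logon arriving from outside the internal address ranges and a network scanner run followed within minutes by logons to several servers, can be correlated from endpoint telemetry. The following Python is an added example, not code from Sophos or from the report; the log lines, the internal ranges, the scanner watchlist and the thresholds are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the Sophos report), one event per line:
#   <ISO time> <kind> key=value ...   where kind is "logon" or "process"
SAMPLE_LOG = """\
2023-11-01T08:00:10 logon type=10 user=svc-backup src=203.0.113.45 host=FW-EDGE
2023-11-01T08:03:22 process user=svc-backup host=FW-EDGE image=advanced_ip_scanner.exe
2023-11-01T08:05:01 logon type=3 user=svc-backup src=10.0.0.5 host=HR-FILES
2023-11-01T08:06:40 logon type=3 user=svc-backup src=10.0.0.5 host=PURCHASING-DB
2023-11-01T08:07:15 logon type=3 user=svc-backup src=10.0.0.5 host=DC01
2023-11-01T09:30:00 logon type=3 user=jdoe src=10.0.0.22 host=PRINT01
"""

# Assumptions: the agency's internal ranges, a scanner watchlist, and thresholds.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
SCANNER_IMAGES = {"advanced_ip_scanner.exe", "netscan.exe"}  # hypothetical watchlist
LATERAL_WINDOW = timedelta(minutes=10)   # "within minutes" in the report
LATERAL_HOSTS = 3                        # distinct servers touched by one account

def parse_event(line):
    """Turn one 'time kind key=value ...' line into a dict; ts becomes a datetime."""
    ts, kind, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts), "kind": kind}
    event.update(f.split("=", 1) for f in fields)
    return event

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def detect(log_text):
    """Return findings for the two stages of the chain the article describes."""
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    # Stage 1: interactive RDP logon (Windows logon type 10) from outside the internal ranges.
    for ev in events:
        if ev["kind"] == "logon" and ev.get("type") == "10" and not is_internal(ev["src"]):
            findings.append(("external_rdp_logon", ev["user"], ev["src"]))
    # Stage 2: a scanner runs, then the same account logs on to several hosts inside the window.
    for ev in events:
        if ev["kind"] == "process" and ev.get("image", "").lower() in SCANNER_IMAGES:
            deadline = ev["ts"] + LATERAL_WINDOW
            hosts = {e["host"] for e in events
                     if e["kind"] == "logon" and e["user"] == ev["user"]
                     and ev["ts"] < e["ts"] <= deadline}
            if len(hosts) >= LATERAL_HOSTS:
                findings.append(("scan_then_lateral_movement", ev["user"], sorted(hosts)))
    return findings
```

Run against `SAMPLE_LOG`, `detect` returns one finding for the external RDP logon and one for the scanner-then-lateral-movement sequence; the unrelated `jdoe` logon produces nothing.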
Vulnerabilities in the Qlik Sense cloud analytics and business intelligence software have been exploited to deploy CACTUS ransomware in a new campaign, The Hacker News reports.
Staples cyberattack disrupts online orders

BleepingComputer reports that outages at the American office supply retail chain Staples that disrupted online orders were confirmed to have been caused by a cyberattack.
Cyber Resilience in the Ransomware and Wiper Era: New Strategies for CISOs to Protect
The changing face of ransomware, and how to respond
Unveiling the Hidden Threat: Hybrid Attackers Leveraging Identities to Execute Ransomware