BleepingComputer reports that the Quantum ransomware was able to complete an attack from initial infection to complete device encryption within a span of three hours and 44 minutes, making it one of the quickest ransomware attacks.
Security researchers at The DFIR Report discovered that Quantum ransomware achieved initial access through the IcedID malware distributed through a phishing email with an ISO file attachment. Attackers then move to bypass detection by deploying Cobalt Strike into a C:WindowsSysWOW64cmd.exe process two hours following initial infection before exfiltrating Windows domain credentials.
"For the next hour, the threat actor proceeded to make RDP connections to other servers in the environment. Once the threat actor had a handle on the layout of the domain, they prepared to deploy the ransomware by copying the ransomware (named ttsel.exe) to each host through the C$ share folder," said DFIR, which added that the Quantum ransomware payload was deployed through WMI and PsExec.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.
Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.