Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM…

Microsoft Teams phishing: Enterprises targeted by ransomware access broker

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,…

Attackers use portable executables of remote management software to great effect

Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federa…

Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands

The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are leveraging a specific version of the Somnia ransomware that, “according to …

Cisco has been hacked by a ransomware gang

U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. #Yanluowang #ransomware is claiming to have breached #Cisco ! Without any further info…

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered by Rapid7 researcher Jake Baines and disclosed to Zyxel on April 13, it was f…

The TTPs of Conti’s initial access broker

Automation might be the way to go for many things, but a recently published report by Google’s Threat Analysis Group (TAG) shows why targeted phishing campaigns performed by human operators are often successful, and how the Conti ransomware gang …

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.