The attacker then used the ScreenConnect software to execute a variety of commands that exfiltrate data from backup systems and download malware, post-exploitation tools, and data-stealing Trojans in order to further compromise the network. One command discovered utilizes PowerShell to download and execute a variety of programs on the compromised computer. These programs include the Vidar information-stealing Trojan, bankers, PS2EXE, and Cobalt Strike beacons.

In a conversation with Morphisec's Michael Gorelik, BleepingComputer was told that their investigations showed that the actor first attempted to exfiltrate data, steal backup information, and then when finished, installed the Zeppelin Ransomware as a final payload. "Following additional investigation of the source of infection, we also identified multiple commands specifically targeting Windows data servers. In addition, we discovered a source of data that indicates a data breach, which is currently under investigation by authorities. Of note, we found the actor first tries to exfiltrate information, stealing the backup information and only then propagates the ransomware across the different infected machines."