CySecurity News – Latest Information Security and Hacking Incidents
Cybersecurity researchers have unearthed an interesting ransomware campaign in which the malicious actors employed custom tools commonly used by APT (Advanced Persistent Threat) groups.
Earlier this week, Security Joes’ researchers published a report highlighting attackers’ modus operandi to target one of its clients in the gambling industry. During the attack, the ransomware operators used custom open-source tools.
The operational strategies, methodology of targeting victims, and malware customization capabilities signify a potential link between APT and ransomware operators, explained the report from Security Joes. However, no concrete evidence has been uncovered till now.
The attackers employed a modified version of the Ligolo, a reverse tunneling utility available for pentesters on GitHub, and a custom tool to dump credentials from LSASS. According to the Security Joes team, the ransomware campaign showcased excellent ransomware training and knowledge of threat actors. The stolen SSLVPN credentials of one of the employees helped attackers to penetrate the victim’s systems, followed by admin scans and RDP brute-force, and then credential harvesting efforts.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: