Ransomware access broker steals accounts via Microsoft Teams phishing
In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file
The medium severity zero-day allows unauthorized remote attackers to conduct brute force attacks against existing accounts
Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S.
Akira has been using compromised Cisco VPN accounts to breach corporate networks without needing to drop additional backdoors
They primarily attack education, government, manufacturing, and technology and managed service provider sectors
By targeting ESXi servers, a threat actor can encrypt many servers running as virtual machines in a single run of the ransomware encryptor
The ransomware operation doesn't have its own ransomware payload; however, it uses a custom information stealer to target specified file types
The gang has been observed gaining access to victim networks via remote desktop protocol (RDP) credentials that were likely acquired from initial access brokers or via phishing attacks
These add to many other unique, non-Babuk-based ransomware strains targeting VMware ESXi virtual machines discovered in the wild for several years
Researchers found that Cactus obtains initial access into the victim network by exploiting known vulnerabilities in Fortinet VPN appliances