Cyberveille curated by Decio
Hide Your RDP: Password Spray Leads to RansomHub Deployment https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/
30/06/2025 06:47:21
  • Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period.
  • Mimikatz and Nirsoft were used to harvest credentials, with evidence of LSASS memory access.
  • Discovery was accomplished using living-off-the-land binaries as well as Advanced IP Scanner and NetScan.
  • Rclone was used to exfiltrate data to a remote server using SFTP.
  • The threat actor deployed RansomHub ransomware network-wide; it spread over SMB and was executed using remote services.
thedfirreport EN 2025 incident-response report RDP password-spray RansomHub