Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
Navigating Through The Fog https://thedfirreport.com/2025/04/28/navigating-through-the-fog/
28/04/2025 12:42:23
QRCode
archive.org
thumbnail
  • An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance, exploitation, lateral movement, and persistence.
  • Initial access was gained using compromised SonicWall VPN credentials, while other offensive tools facilitated credential theft, exploitation of Active Directory vulnerabilities, and lateral movement.
  • Persistence was maintained through AnyDesk, automated by a PowerShell script that preconfigured remote access credentials.
  • Sliver C2 executables were hosted on the server for command-and-control operations, alongside Proxychains tunneling.
  • The victims spanned multiple industries, including technology, education, and logistics, across Europe, North America, and South America, highlighting the affiliate’s broad targeting scope.
thedfirreport EN 2025 SonicWall VPN ransomware Fog AnyDesk PowerShell
4460 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio