Credential Harvesting

All articles tagged with #credential harvesting

MuddyWater Uses Teams to Harvest Credentials and Subvert MFA in Chaos False-Flag Campaign
cybersecurity · 19 days ago

Security researchers describe a MuddyWater operation that abused Microsoft Teams external contact and screen-sharing to harvest user credentials (saved as credentials.txt/cred.txt) and push MFA changes, followed by backdoor access through DWAgent and AnyDesk. The attackers deployed a custom RAT (Game.exe) and used C2 domains linked to MuddyWater, staging the intrusion as a Chaos ransomware false-flag campaign focused on credential theft and data exfiltration rather than encryption. Indicators included a forged code-signing certificate and stolen credentials that enabled lateral movement to Domain Controllers.

Qilin Ransomware: A Hybrid Linux-ByOVD Attack Exploiting Windows Tools
cybersecurity · 7 months ago

The Qilin ransomware group has been actively targeting organizations since 2022. Its hybrid attacks combine Linux ransomware with BYOVD exploits, credential theft, and legitimate IT tools to bypass security controls and compromise both Windows and Linux systems, primarily in the manufacturing and professional services sectors.

Russian Hackers Disrupted After Targeting Europe and Ukraine with Malware and Phishing
cyber-attack-credential-harvesting · 2 years ago

The Russian GRU-backed APT28 group, also known as BlueDelta, has been targeting European networks, particularly in Ukraine, with the HeadLace malware and credential-harvesting web pages. The campaigns, running from April to December 2023, used spear-phishing emails and multi-stage infection sequences. BlueDelta's operations aimed to gather intelligence on military-related entities, employing techniques including geofencing, legitimate internet services, and compromised Ubiquiti routers. The group's activities reflect a broader strategy of influencing military tactics and regional policy amid the ongoing aggression against Ukraine.