Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
Attackers used publicly available penetration testing and exploitation tools, the FiveHands ransomware, and the SombRAT remote access Trojan to steal information, obfuscate files, and demand ransom, officials report. They also used publicly available tools for network discovery and credential access.
The initial access vector in these attacks was a zero-day vulnerability in a virtual private network (VPN). In its recommendations to organizations, the CISA advises using multifactor authentication, particularly on all VPN connections, external-facing services, and privileged accounts. It also advises decommissioning unused VPN servers, which could be an entry point.
Analysis of the FiveHands ransomware is still ongoing; CISA plans to update its report as new information becomes available.
Read the full Analysis Report and Malware Analysis Report for more details.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024