The advisory also underscores that affiliates previously linked to the Vice Society ransomware group, alternatively recognized as Vanilla Tempest or DEV-0832 according to Microsoft, have shifted to utilizing Rhysida ransomware payloads in their attacks. Furthermore, Rhysida actors employ phishing attacks and exploit the Zerologon vulnerability (CVE-2020-1472), a critical flaw facilitating Windows privilege escalation through Microsoft's Netlogon Remote Protocol. This strategy has been notably successful against organizations lacking default Multi-Factor Authentication (MFA) across their systems. Initial access into victims' networks and the persistence within these networks are achieved by breaching external-facing remote services, often through the exploitation of stolen credentials.

The Rhysida ransomware perpetrators tend to target sectors like education, healthcare, manufacturing, information technology, and government as "targets of opportunity." Operating on a ransomware-as-a-service (RaaS) model, Rhysida actors infiltrate organizations spanning diverse sectors, and any ransom payments received are distributed among the group and its affiliates.

A collaborative cybersecurity advisory released on November 15, 2023, furnishes defenders with indicators of compromise (IOCs), detection specifics, and the tactics, techniques, and procedures (TTPs) employed by Rhysida, based on investigations conducted up to September 2023. Recent findings from the US Department of Health and Human Services (HHS) have also attributed attacks on healthcare entities to the Rhysida gang. This ransomware variant gained significant attention after breaching the Chilean Army in May 2023 and subsequently exposing pilfered data. On November 15, 2023, the FBI and CISA issued a cautionary notice concerning the Rhysida ransomware gang, which has been carrying out opportunistic attacks across a spectrum of industries.