Nefilim Ransomware Attack Uses “Ghost” Credentials
Dan Kobialka reports:
Sophos researchers have discovered a Nefilim ransomware attack in which an unmonitored account belonging to a deceased employee was used to infiltrate more than 100 systems.
During the cyberattack, a Nefilim threat actor exploited vulnerable Citrix software, Sophos indicated. The actor gained access to the Citrix admin account and stole the credentials for a domain admin account using the Mimikatz open-source application.
Read more on MSSPAlert!