Nefilim Ransomware Attack Uses “Ghost” Credentials

Dan Kobialka reports:

Sophos researchers have discovered a Nefilim ransomware attack in which an unmonitored account belonging to a deceased employee was used to infiltrate more than 100 systems.

During the cyberattack, a Nefilim threat actor exploited vulnerable Citrix software, Sophos indicated. The actor gained access to the Citrix admin account and stole the credentials for a domain admin account using the Mimikatz open-source application.

Read more on MSSPAlert!

About the author: Dissent

Comments are closed.