Part 1 – The Ransomware Attack Truesec has documented how Russian ransomware gangs profit from being left alone by Russian law enforcement, but connections seem to go even deeper. Initial Attack and Takeover In October 2020, the Russian-based threat actor known as “Evil Corp” conducted a ransomware attack against a major corporation. The attack vector […]
We have recently seen an increase in ransomware targeting VMware vSphere ESXi hosts and encrypting all virtual machines at once. You can secure your ESXi hosts from ransomware by following these three simple steps, using TPM, Secure Boot and the ESXi setting execInstalledOnly.
It is hard to determine who is the actual perpetrator behind cybercrime operations, with enough confidence for law enforcement to issue warrants for arrest. Even pinpointing which country the actors are operating from is hard to do with 100% certainty. At the same time, there are more than enough indices to say with relatively high […]
This post contains information and data related to an on-going investigation of Microsoft Exchange Zero-Day ProxyLogon and associated vulnerabilities actively exploited and attributed to HAFNIUM. Any changes and edits made to this blog post will be noted at the top of the post. Update list 2021-03-08 16:29 CET – Added web shell details 2021-03-09 11:20 […]
Vad är egentligen ett red team-test och varför behöver man göra det i sin organisation? Här reder vi ut begreppet red teaming – en sorts ”etisk hacking”. Målet är att identifiera en organisations sårbarheter för cyberattacker.