Ryuk ransomware deployed two weeks after Trickbot infection

Ionut Ilascu reports:

Researchers at SetinelOne have detailed the activity observed from logs on a Cobalt Strike server that TrickBot used to profile networks and systems.

Once the actor took interest in a compromised network, they used modules from Cobalt Strike threat emulation software for red teams and penetration testers.

One component is the DACheck script to check if the current user has Domain Admin privileges and check the members of this group. They also used Mimikatz to extract passwords that would help with lateral movement.

Read more on BleepingComputer.

Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm

Related: