Money Message: A hidden guest in corporate networks in Australia
<blockquote data-quote="Brianwill" data-source="post: 717" data-attributes="member: 15"><p>Finance, accounting, and reports are sent to hackers and then securely encrypted.</p><p></p><p>In August 2023, Sophos was brought in to support an organization in Australia infected with the Money Message ransomware. This attack vector, known for its stealth, does not add any extensions to encrypted data, making it difficult for victims to identify encrypted files by searching for such extensions.</p><p></p><p>The attack reviewed by Sophos experts began with the hacking of an account with one-factor authentication to access a corporate VPN. The attackers then disabled Microsoft Defender protection using Group Policy.</p><p></p><p>Next, they used the psexec utility to run a script to enable RDP and gain remote access to the company's network. After that, the attackers managed to steal the hive SAM registry file with all the passwords using a special Python script.</p><p></p><p>The attackers gained access to the company's financial data, accounting records, sales reports, and personnel information. The data was then output via the MEGAsync cloud service. For subsequent encryption, two versions of the ransomware were used — for Windows and Linux.</p><p></p><p>To protect against such attacks, organizations need to implement MFA for VPNs, monitor whether protection is disabled, restrict access via RDP, and strengthen control over confidential data. It is also vital to use EDR solutions.</p></blockquote><p></p>
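One way to act on the post's advice to "monitor whether protection is disabled", as an added detection sketch that is not part of the original post or of the Sophos write-up: it flags hosts where Defender is turned off and then a PsExec service install, an RDP enable or a MEGAsync launch follows. The normalised event fields, the short channel labels, the host names, the sample paths and the one-hour window are assumptions of this example; the event IDs (Defender 5001/5010/5012, System 7045, Sysmon 1 and 13) are the standard Windows and Sysmon ones.

```python
WINDOW = 3600  # assumed correlation window, in seconds

def classify(e):
    """Map one normalised event to an attack stage from the write-up, or None."""
    ch, eid, target = e["channel"], e["id"], e.get("target", "").lower()
    if ch == "Defender" and eid in (5001, 5010, 5012):  # protection turned off
        return "defender_disabled"
    if ch == "Sysmon" and eid == 13:  # registry value set
        if target.endswith(r"\windows defender\disableantispyware") and e.get("value") == 1:
            return "defender_disabled"  # policy-based disable
        if target.endswith(r"\terminal server\fdenytsconnections") and e.get("value") == 0:
            return "rdp_enabled"
    if ch == "System" and eid == 7045 and e.get("service", "").upper() == "PSEXESVC":
        return "psexec_service"  # service PsExec installs on the target
    if ch == "Sysmon" and eid == 1 and e.get("image", "").lower().endswith(r"\megasync.exe"):
        return "megasync_run"
    return None

def correlate(events, window=WINDOW):
    """Return {host: [stages]} where Defender was disabled and at least one
    follow-on stage was seen on the same host within `window` seconds."""
    disabled_at, chains = {}, {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        stage, host = classify(e), e["host"]
        if stage == "defender_disabled":
            disabled_at.setdefault(host, e["ts"])
            chains.setdefault(host, [stage])
        elif stage and host in disabled_at and e["ts"] - disabled_at[host] <= window:
            if stage not in chains[host]:
                chains[host].append(stage)
    return {h: s for h, s in chains.items() if len(s) > 1}

# Constructed events; field names, hosts and paths are assumptions of this example.
POL = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"
RDP = r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
SAMPLE_EVENTS = [
    {"ts": 100, "host": "FS01", "channel": "Sysmon", "id": 13, "target": POL, "value": 1},
    {"ts": 160, "host": "FS01", "channel": "Defender", "id": 5001},
    {"ts": 400, "host": "FS01", "channel": "System", "id": 7045, "service": "PSEXESVC"},
    {"ts": 460, "host": "FS01", "channel": "Sysmon", "id": 13, "target": RDP, "value": 0},
    {"ts": 2000, "host": "FS01", "channel": "Sysmon", "id": 1, "image": r"C:\Users\Public\MEGAsync.exe"},
    {"ts": 500, "host": "WS02", "channel": "System", "id": 7045, "service": "PSEXESVC"},  # PsExec alone
    {"ts": 100, "host": "DB03", "channel": "Defender", "id": 5001},
    {"ts": 9000, "host": "DB03", "channel": "Sysmon", "id": 13, "target": RDP, "value": 0},  # outside window
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

PsExec on its own (WS02) and an RDP change long after a Defender event (DB03) are deliberately not flagged, which keeps routine administration from drowning out the chained pattern.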