

The threat actor, confirmed as an initial access broker with ties to a Russian group called UNC2447 as well as the Yanluowang ransomware gang, was ejected from the network and prevented from re-entry despite many attempts over the following weeks. The tactics, techniques, and procedures (TTPs) also showed some overlap with the Lapsus$ group, many of whom were arrested earlier in the year.

August 12 Update: The threat intelligence analyst's perspective

"Whether this incident was overstated by Yanluowang depends on perspective. From analyzing the directory leaked and Cisco's statement, it seems that the data exfiltrated - both in size and content - is not of great importance or sensitivity," Louise Ferrett, a threat intelligence analyst at Searchlight Security, told me.

"However, as was the case with a number of attacks by actors such as LAPSUS$," Ferrett continues, "sometimes the act of compromising a corporate network itself can be enough for threat actors to gain mainstream publicity and underground 'cred', which can lead to further resources and collaboration in the future that could be more materially damaging."

As Cisco confirmed in the initial reporting of this incident, the TTPs pointed to links between the UNC2447 initial access broker and its known associate, the Lapsus$ group.
