ACTIVE DIRECTORY – Page 18 – Cybersecurity News Everyday

Qbot and Zerologon Lead To Full Domain Compromise

February 9, 2022November 2, 2024 Securonix

In this intrusion (from November 2021), a threat actor gained its initial foothold in the environment through the use of Qbot (a.k.a. Quakbot/Qakbot) malware.

Soon after execution of the Qbot payload, the malware established C2 connectivity and created persistence on the beachhead. Successful exploitation of the Zerologon vulnerability (CVE-2020-1472) allowed the threat actors to obtain domain admin privileges.…

Threat Research

StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike

January 21, 2022November 2, 2024 Securonix

StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”). The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders and the CrowdStrike Intelligence team.…

Threat Research

MoonBounce: the dark side of UEFI firmware

January 11, 2022November 2, 2024 Securonix

What happened?

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.…

Tag: ACTIVE DIRECTORY

Qbot and Zerologon Lead To Full Domain Compromise

StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike

MoonBounce: the dark side of UEFI firmware