Good day everyone! The DFIR Report released their latest report detailing an attack that involved two different adversaries, one acted as the distributor while the other filled the role of hands on keyboard. #TA551 was responsible for the phishing campaign and a #Nokoyawa ransomware affiliate was responsible for the rest! I hope you enjoy this and find it as useful as I did, and as always, #HappyHunting!

HTML Smuggling Leads to Domain Wide Ransomware
https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

Some MITRE ATT&CK TTPs (Thanks to the DFIR team):
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment

TA0002 - Execution
T1509.001 - Command and Scripting Interpreter: Powershell

TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task

TA0009 - Collection
T1560 - Archon Collected Data

TA0005 - Defense Evasion
T1027.006 -Obfuscated Files or Information: HTML Smuggling

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday #MitreMonday