As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To help IT and identity security professionals understand and improve AD security, the Semperis Research Team publishes a monthly roundup of recent identity-related cyberattacks. This month’s highlights include the LockBit ransomware group’s recent attacks on a Portuguese water utility and ION financial software, both of which involved exploiting Active Directory Group Policy vulnerabilities.

LockBit hits Portuguese water utility and ION financial software

The LockBit ransomware group, whose tactics include exploiting Active Directory Group Policy vulnerabilities, claimed responsibility for an attack on the Portuguese water utility Aguas e Energia do Porto and an attack on ION Group, a financial software company. LockBit also claimed the January cyberattack on Royal Mail.

New crypto-mining malware targets Microsoft Exchange ProxyShell flaws

New malware called ProxyShellMiner uses Microsoft Exchange ProxyShell vulnerabilities to deploy crypto-mining software through a Windows domain. In addition to causing service outages, slowing server performance, and overheating computers, the malware creates a backdoor that can be used for code execution.


The post Identity Attack Watch: February 2023 appeared first on Semperis.