The virus halted core services by saturating the CPU usage on Windows devices.

“We are glad to share the DART Case Report 002: Full Operational Shutdown. In the report 002, we cover an actual incident response engagement where a polymorphic malware spread through the entire network of an organization.” reads the Microsoft DART announcement (the report is currently not available, but you can view the cached copy).

“After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s core services. The virus avoided detection by antivirus solutions through regular updates from an attacker-controlled command-and-control (C2) infrastructure, and spread through the company’s systems, causing network outages and shutting down essential services for nearly a week.”

Attackers stole an employee’s user credentials and five days later used them to deliver and execute the Emotet payload. The threat actors also used these credentials to send phishing emails to other Fabrikam employees and to their external contacts in an attempt to infect as many systems as possible. The malware moved laterally by stealing admin account credentials, and just eight days after the initial infection Fabrikam’s entire network was shut down. Microsoft’s DART was engaged in the incident response activities eight days after the first device on Fabrikam’s network was compromised.