GEBE NV RANSOMWARE HACK 101 ST MAARTEN

Recognise This Guy? 3New Photos… Alleged Attempted Break In St Maarten Latest

Hackers have used a Windows Defender tool to distribute undetected LockBit 3.0 ransomware on a system.

https://www.stmaartennews.org

US computer security company SentinelOne was investigating the incident .

The attackers entered a server through a vulnerability in the Log4j logging program. They ran a number of commands in PowerShell, which included using Windows Defender’s MpCmdRun.exe command-line tool to set up a so-called Cobalt Strike ‘beacon’.

Cobalt Strike is legitimate software to perform system and network penetrations, but hackers now use it to set up a beacon, which allows malware to be uploaded to a server. In this case, it was LockBit 3.0 ransomware, which encrypts your files and demands cryptocurrencies as a ransom. https://www.sxmgovernment.com

It’s not the first time that LockBit 3.0 attackers have used legitimate software for their practices, VMWare’s own command-line interface has already come a long way .

MpCmdRun.exe in the Command Prompt.

Source: SentinelOne