GEBE NV RANSOMWARE HACK 101 ST MAARTEN
Hackers have used a Windows Defender tool to distribute undetected LockBit 3.0 ransomware on a system.
US computer security company SentinelOne investigated the incident.
The attackers entered a server through a vulnerability in the Log4j logging program. They ran a number of commands in PowerShell, which included using Windows Defender’s MpCmdRun.exe command-line tool to set up a so-called Cobalt Strike ‘beacon’.
Cobalt Strike is legitimate software for penetration testing of systems and networks, but hackers now use it to set up a beacon, which allows malware to be uploaded to a server. In this case, it was LockBit 3.0 ransomware, which encrypts your files and demands a ransom in cryptocurrency. https://www.sxmgovernment.com
It’s not the first time that LockBit 3.0 attackers have used legitimate software for their purposes; VMware’s own command-line interface has come up before.
MpCmdRun.exe in the Command Prompt.
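A defender can hunt for the MpCmdRun.exe step described above in process-creation logs. The following is an added example, not code from the article or from SentinelOne: it assumes Sysmon Event ID 1 field names (Image, ParentImage), treats the default Defender install directories as the only trusted locations, and runs over constructed sample events.

```python
import ntpath

# Assumption: default locations where Microsoft ships MpCmdRun.exe.
TRUSTED_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)
# The article describes the tool being driven from PowerShell.
POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}

def _under(path, root):
    # Normalise first so "..\" segments cannot fake a trusted prefix.
    path = ntpath.normpath(path).lower()
    return path == root or path.startswith(root + "\\")

def triage(event):
    """Return the reasons a process-creation event deserves a closer look."""
    image = event.get("Image", "")
    if ntpath.basename(image).lower() != "mpcmdrun.exe":
        return []
    reasons = []
    if not any(_under(ntpath.dirname(image), d) for d in TRUSTED_DIRS):
        reasons.append("MpCmdRun.exe outside Defender directories")
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent in POWERSHELL_HOSTS:
        reasons.append(f"spawned by {parent}")
    return reasons

# Constructed sample events; the platform version string is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Users\Public\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.0000.0-0\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Program Files\Windows Defender\..\Temp\MpCmdRun.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def scan(events):
    """Return (image, reasons) for every event that triage() flags."""
    return [(e["Image"], r) for e in events if (r := triage(e))]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

A PowerShell parent on its own can be legitimate administration, so treat that reason as a triage signal and the out-of-directory copy as the stronger one.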