GlobeImposter Ransomware With MedusaLocker Spreading Via RDP
The attackers behind MedusaLocker were discovered carrying out a GlobeImposter ransomware campaign.
The threat actors are suspected to have brute-forced systems with RDP enabled to gain initial access.
Various tools were used to dump passwords and perform reconnaissance, including Mimikatz, Advanced Port Scanner, and the NirSoft Network Password Recovery tool.
In addition to encrypting files, the threat actor installed XMRig to mine for digital assets.
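One way to hunt for the RDP brute-force pattern suspected above, as an added example that is not part of the original report: it flags a source IP with a burst of failed logons (Windows Security Event ID 4625) and records any successful logon (4624) that follows the burst. The CSV export layout, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not campaign data): time, Event ID, LogonType, source IP, account.
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RemoteInteractive (RDP);
# LogonType 3 = Network, which is how RDP failures are commonly logged when NLA is enabled.
SAMPLE_EVENTS = """\
2024-01-10T02:14:01,4625,3,203.0.113.50,administrator
2024-01-10T02:14:03,4625,3,203.0.113.50,admin
2024-01-10T02:14:05,4625,3,203.0.113.50,backup
2024-01-10T02:14:07,4625,3,203.0.113.50,backup
2024-01-10T02:14:09,4625,3,203.0.113.50,backup
2024-01-10T02:14:11,4625,3,203.0.113.50,backup
2024-01-10T02:14:30,4624,10,203.0.113.50,backup
2024-01-10T09:00:02,4625,10,198.51.100.7,jsmith
2024-01-10T09:00:20,4625,10,198.51.100.7,jsmith
2024-01-10T09:00:41,4624,10,198.51.100.7,jsmith
"""
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, user

def find_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Map source IP -> size of its failed-logon burst and the account that logged on after it."""
    failures = defaultdict(list)  # ip -> failed-logon timestamps still inside the window
    alerts = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "logon_after_burst": None})
                alert["failures"] = max(alert["failures"], len(failures[ip]))
        elif event_id == "4624" and ip in alerts:
            # A success right after a failure burst from the same source is the priority finding.
            alert = alerts[ip]
            if alert["logon_after_burst"] is None and ts - failures[ip][-1] <= window:
                alert["logon_after_burst"] = user
    return alerts

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_EVENTS))
```

An entry whose `logon_after_burst` is set points at an account to reset and a host to triage first; the second sample source, a user who mistyped a password twice, stays below the threshold.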