GlobeImposter Ransomware With MedusaLocker Spreading Via RDP
A GlobeImposter ransomware campaign was discovered being carried out by the attackers behind MedusaLocker.
The threat actors are suspected to have brute-forced systems with RDP enabled to gain initial access.
Various tools were used to dump passwords and perform reconnaissance including Mimikatz Advanced Port Scanner and the NirSoft Network Password Recovery tool.
In addition to encrypting files the threat actor installed XMRig to mine for digital assets.
Featured Resources
View More Resources
From Vulnerability to Validation
See how Cymulate connects vulnerabilities to real attack scenarios to validate what’s actually exploitable.
Threat Validation Demo
See how Cymulate helps security teams quickly validate protection against new threats and get answers in minutes
From Control Validation to Exposure Validation
See how security teams move from control validation to true exposure validation using real-world attack scenarios