Our Cyber Incident Response team recently observed the threat actor group Lorenz using a 5-month-old web shell (a malicious script that compromises the web server) as a way into a victim’s network and foothold for a ransomware attack. Here, they discuss how the vulnerability was discovered, how the group covered its tracks and if this incident was a case of ‘initial access brokerage’. Read more about the case: https://insights.s-rminform.com/lorenz-cyber-intelligence-briefing-special
Get new episodes of S-RM Insider automatically
