As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To help IT professionals understand and prevent attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s roundup, the LockBit and Play ransomware groups claim cyberattacks on the City of Oakland, and a new malware toolkit called AlienFox emerges.
Threat actors use AlienFox toolkit to steal credentials
Attackers are using a toolkit called AlienFox to scan for misconfigured servers and steal credentials for cloud-based email servers.
Play, LockBit ransomware groups claim attack on City of Oakland
The LockBit ransomware-as-a-service (RaaS) group, whose tactics include exploiting Active Directory Group Policy, claimed an attack on the City of Oakland and threatened to leak data (without offering proof that it had the data) just weeks after the Play gang leaked information online, including employees’ personal information.
LockBit targets wholesale office product distributor Essendant
Wholesale office product distributor Essendant was hit by LockBit, causing a widespread network outage that prevented fulfillment of online orders.
LockBit claims attack on Los Angeles housing authority
LockBit also claimed an attack on the Housing Authority of the City of Los Angeles, a state agency that provides affordable housing and job training.