Identity Attack Watch: April 2022

Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against cyberattacks targeting Active Directory, the Semperis Research Team offers this monthly roundup of recent attacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights BlackCat attacks that triggered an FBI warning, a Conti group attack on Panasonic, a Hive hit on a California health company, and more.

BlackHat ransomware activity triggers FBI warning

The U.S. Federal Bureau of Investigation (FBI) issued a warning about BlackCat (aka ALPHV) ransomware-as-a-service (RaaS) group, which has attacked dozens of organizations globally since November 2021. Suspected of being connected to REvil and to the BlackMatter (Darkside) group that hit Colonial Pipeline in May 2021, BlackCat targets Active Directory to gain entry into information systems before dropping malware.

Russian companies hit by leaked Conti ransomware

Tools originally developed by Russian ransomware group Conti and leaked by a Ukrainian ransomware developer were used to attack multiple Russian companies. Conti’s tactics include gaining Active Directory domain admin credentials before deploying ransomware.

Hive ransomware group attacks Partnership HealthPlan of California

Ransomware group Hive claimed responsibility for an attack that extracted private data for 850,000 members of Partnership HealthPlan of California. Among other tactics, Hive uses remote admin software to infiltrate systems and establish persistence, then deploys tools such as ADRecon to map the AD environment.

Conti claims responsibility for attack on Panasonic’s Canadian operations

In the second breach since November 2021, Panasonic reported that its Canadian operations were the victim of a targeted cyberattack. Conti ransomware group, which recently hired former TrickBot talent to expand its ability to compromise Active Directory domain credentials, claimed responsibility.

Semperis makes the Deloitte Tech Fast 500 list three years in a row

Semperis ranks top five fastest growing cybersecurity companies in America

Semperis Wins CRN’s Prestigious Partner Program Guide Two Consecutive Years

The CISO's Take on Identity-First Security featuring Simon Hodgkinson

Semperis Named to Fortune Magazine's 2023 Cyber 60 List'

Identity Attack Watch: April 2022

BlackHat ransomware activity triggers FBI warning

Russian companies hit by leaked Conti ransomware

Hive ransomware group attacks Partnership HealthPlan of California

Conti claims responsibility for attack on Panasonic’s Canadian operations

More resources

Semperis makes the Deloitte Tech Fast 500 list three years in a row

Semperis ranks top five fastest growing cybersecurity companies in America

Semperis Wins CRN’s Prestigious Partner Program Guide Two Consecutive Years

The CISO's Take on Identity-First Security featuring Simon Hodgkinson

Semperis Named to Fortune Magazine's 2023 Cyber 60 List'

Identity Attack Watch: April 2022

BlackHat ransomware activity triggers FBI warning

Russian companies hit by leaked Conti ransomware

Hive ransomware group attacks Partnership HealthPlan of California

Conti claims responsibility for attack on Panasonic’s Canadian operations

More resources

Sign Up for the Latest Semperis News