Identity Attack Watch: AD Security News, February 2023

By Semperis Research Team February 28, 2023 | Active Directory

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To help IT and identity security professionals understand and improve AD security, the Semperis Research Team publishes a monthly roundup of recent identity-related cyberattacks. This month’s highlights include the LockBit ransomware group’s recent attacks on a Portuguese water utility and ION financial software, both of which involved exploiting Active Directory Group Policy vulnerabilities.

LockBit hits Portuguese water utility and ION financial software

The LockBit ransomware group, whose tactics include exploiting Active Directory Group Policy vulnerabilities, claimed responsibility for an attack on the Portuguese water utility Aguas e Energia do Porto and an attack on ION Group, a financial software company. LockBit also claimed the January cyberattack on Royal Mail.


New crypto-mining malware targets Microsoft Exchange ProxyShell flaws

New malware called ProxyShellMiner uses Microsoft Exchange ProxyShell vulnerabilities to deploy crypto-mining software through a Windows domain. In addition to causing service outages, slowing server performance, and overheating computers, the malware creates a backdoor that can be used for code execution.




About the author
Semperis Research Team
The Semperis Research Team continuously studies the ways cyber criminals are plotting to compromise organizations' information systems—particularly by exploiting vulnerabilities in Active Directory—now and in the future. Their work provides guidance for the security community in protecting against AD-related attacks and informs the development of products that help organizations increase their cyber resilience.