Identity Attack Watch: May 2022

By Semperis Research Team May 31, 2022 | Active Directory

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights a CISA warning about May Windows updates, Conti cyberattacks on the Costa Rican government, and a credential stuffing attack that compromised GM car owners’ data.

CISA warns against installing May Windows updates on domain controllers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised agencies not to install patches for two elevations of privilege vulnerabilities in Kerberos and Active Directory Domain Services because they will cause authentication problems when deployed on Windows Server domain controllers.

Read more

Costa Rican president declares national emergency following Conti cyberattacks

The newly elected Costa Rican President Rodrigo Chaves declared a national emergency following cyberattacks executed by the Conti ransomware group that targeted multiple government entities. Conti’s tactics include compromising Active Directory domain credentials.

Read more

Verizon DBIR reveals that stolen credentials led to nearly 50% of attacks

The Verizon 2022 Data Breach Investigations Report (DBIR) found that nearly 50% of cyberattacks last year were caused by malicious actors using stolen credentials, which can then be leveraged to achieve domain dominance.

Read more

Threat actors compromise GM car owners’ data in credential stuffing attack

U.S. auto manufacturer General Motors (GM) reported that threat actors launched a credential stuffing attack that compromised GM car owners’ data by targeting GM’s online bills management and rewards platform.

Read more

More resources

About the author
Semperis Research Team
Semperis Research Team
The Semperis Research Team continuously studies the ways cyber criminals are plotting to compromise organizations' information systems—particularly by exploiting vulnerabilities in Active Directory—now and in the future. Their work provides guidance for the security community in protecting against AD-related attacks and informs the development of products that help organizations increase their cyber resilience. Linkedin
Unlock cyber resilience. Get a demo