Semperis Research Team

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights a new U.S. government advisory about the escalation in Conti group attacks and surges in activity from the LockBit and BlackMatter groups.

Joint advisory from U.S. government warns about increased Conti group attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency released a joint statement urging organizations to guard against Conti ransomware group attacks by patching known vulnerabilities, including the Zerologon vulnerability in Active Directory domain controller systems.

LockBit group resurfaces with new Active Directory deployment technique

After a brief slowdown following increased scrutiny from law enforcement, the LockBit ransomware-as-a-service group has resumed operations with an expanded affiliate program and a shift in architecture that includes a new deployment method that automates delivery to Active Directory clients through Group Policy Objects (GPO).

Olympus camera manufacturer and Iowa farming co-op suffer attacks by BlackMatter

Global camera maker Olympus reported a ransomware attack attributed to BlackMatter, a group that emerged in July after the disappearance of DarkSide and uses similar tactics, including deploying ransomware through a scheduled task with a PowerShell script on a domain controller. BlackMatter also hit Iowa agricultural group New Cooperative in September.
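The two delivery patterns in this roundup (the LockBit item's automated push through Group Policy Objects and the BlackMatter item's scheduled task running a PowerShell script on a domain controller) both leave traces in Windows Security auditing: event 4698 when a scheduled task is created and event 5136 when a directory object such as a GPO container is modified. The script below is an added example written for this post, not Semperis tooling or anything from the advisories it cites. It runs simple review rules over a handful of constructed events whose field names mirror those two event types in simplified form (it is not a parser for real EVTX files); the domain controller inventory and the list of approved GPO editors are assumptions a team would replace with its own.

```python
"""Review rules for AD-relevant audit events: scheduled tasks on domain
controllers (Security event 4698) and Group Policy container changes
(Security event 5136). Added example with constructed sample data."""
import re
from typing import Dict, List, Optional

# Assumed inventory (invented for this example): which hosts are domain
# controllers and which accounts are expected to edit Group Policy.
DOMAIN_CONTROLLERS = {"dc01.corp.example", "dc02.corp.example"}
APPROVED_GPO_EDITORS = {"gpo-admin"}

POWERSHELL_RE = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.IGNORECASE)
# Launch switches that hide the window, skip the profile or pass an encoded
# command; normal administrative tasks rarely need all of these together.
EVASIVE_ARGS_RE = re.compile(
    r"-(enc|encodedcommand|e)\b|-nop\b|-w(indowstyle)?\s+hidden", re.IGNORECASE)

Event = Dict[str, object]
Alert = Dict[str, str]

# Constructed sample events, loosely modelled on 4698/5136 field names.
# Hostnames, users, task names and the GPO GUID are all invented.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 4698, "Computer": "dc01.corp.example", "SubjectUserName": "svc-backup",
     "TaskName": "\\Backup\\NightlyCopy",
     "TaskContent": "<Exec><Command>C:\\Windows\\System32\\robocopy.exe</Command></Exec>"},
    {"EventID": 4698, "Computer": "dc01.corp.example", "SubjectUserName": "jdoe",
     "TaskName": "\\UpdateCheck",
     "TaskContent": "<Exec><Command>powershell.exe</Command>"
                    "<Arguments>-nop -w hidden -enc SQBFAFgA</Arguments></Exec>"},
    {"EventID": 4698, "Computer": "ws07.corp.example", "SubjectUserName": "jdoe",
     "TaskName": "\\Notes", "TaskContent": "<Exec><Command>notepad.exe</Command></Exec>"},
    {"EventID": 5136, "Computer": "dc01.corp.example", "SubjectUserName": "jdoe",
     "ObjectClass": "groupPolicyContainer", "AttributeLDAPDisplayName": "versionNumber",
     "ObjectDN": "CN={00000000-1111-2222-3333-444444444444},CN=Policies,CN=System,DC=corp,DC=example"},
    {"EventID": 5136, "Computer": "dc01.corp.example", "SubjectUserName": "gpo-admin",
     "ObjectClass": "user", "AttributeLDAPDisplayName": "description",
     "ObjectDN": "CN=Jane Doe,OU=Users,DC=corp,DC=example"},
    {"EventID": 5136, "Computer": "dc01.corp.example", "SubjectUserName": "gpo-admin",
     "ObjectClass": "groupPolicyContainer", "AttributeLDAPDisplayName": "gPCMachineExtensionNames",
     "ObjectDN": "CN={00000000-1111-2222-3333-444444444444},CN=Policies,CN=System,DC=corp,DC=example"},
]


def _alert(severity: str, event: Event, reason: str) -> Alert:
    return {"severity": severity, "event_id": str(event["EventID"]),
            "computer": str(event.get("Computer", "")),
            "actor": str(event.get("SubjectUserName", "")), "reason": reason}


def check_scheduled_task(event: Event) -> Optional[Alert]:
    """4698: a scheduled task was created. A task that launches PowerShell on a
    domain controller is the pattern described for BlackMatter above."""
    if event.get("EventID") != 4698:
        return None
    on_dc = str(event.get("Computer", "")).lower() in DOMAIN_CONTROLLERS
    content = str(event.get("TaskContent", ""))
    runs_powershell = POWERSHELL_RE.search(content) is not None
    evasive = EVASIVE_ARGS_RE.search(content) is not None
    if on_dc and runs_powershell:
        suffix = " with hidden/encoded arguments" if evasive else ""
        return _alert("high", event, "PowerShell scheduled task created on a domain controller" + suffix)
    if runs_powershell and evasive:
        return _alert("medium", event, "scheduled task runs PowerShell with hidden/encoded arguments")
    if on_dc:
        return _alert("medium", event, "scheduled task created on a domain controller")
    return None


def check_gpo_change(event: Event) -> Optional[Alert]:
    """5136: a directory object was modified. Any edit to a groupPolicyContainer
    reaches every client in the GPO's linked scope, so changes by accounts
    outside the approved editor list are raised for review."""
    if event.get("EventID") != 5136 or event.get("ObjectClass") != "groupPolicyContainer":
        return None
    actor = str(event.get("SubjectUserName", ""))
    attr = str(event.get("AttributeLDAPDisplayName", ""))
    if actor in APPROVED_GPO_EDITORS:
        return _alert("low", event, f"GPO attribute {attr} changed by approved editor")
    return _alert("high", event, f"GPO attribute {attr} changed by non-approved account ({event.get('ObjectDN')})")


def analyze(events: List[Event]) -> List[Alert]:
    """Run every rule over every event and return the alerts in event order."""
    alerts: List[Alert] = []
    for ev in events:
        for check in (check_scheduled_task, check_gpo_change):
            hit = check(ev)
            if hit is not None:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['event_id']} {a['computer']} {a['actor']}: {a['reason']}")
```

On the sample data the rules raise the backup task on the DC for review, rate the hidden, encoded PowerShell task on the DC and the GPO edit by an unexpected account as high, ignore the workstation task and the user-object change, and log the approved editor's GPO change at low severity. Both event IDs require the corresponding audit subcategories to be enabled on domain controllers, and 5136 additionally needs a SACL on the Policies container, or nothing will be written for the rules to read.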

More Resources

Want to strengthen defenses of your Active Directory against cyberattacks? Check out our latest resources.