Identity Attack Watch: September 2021

By Semperis Research Team, September 24, 2021

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights a new U.S. government advisory about the escalation in Conti group attacks and surges in activity from the LockBit and BlackMatter groups.

Joint advisory from U.S. government warns about increased Conti group attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency released a joint statement urging organizations to guard against Conti ransomware group attacks by patching known vulnerabilities, including the Zerologon vulnerability in Active Directory domain controller systems.

Read more

LockBit group resurfaces with new Active Directory deployment technique

After a brief slowdown following increased scrutiny from law enforcement, the LockBit ransomware-as-a-service group has resumed operations with an expanded affiliate program and a shift in architecture that includes a new deployment method that automates delivery to Active Directory clients through Group Policy Objects (GPO).

Read more

Olympus camera manufacturer and Iowa farming co-op suffer attacks by BlackMatter

Global camera maker Olympus reported a ransomware attack attributed to BlackMatter, a group that emerged in July after the disappearance of DarkSide and uses similar tactics, including deploying ransomware through a scheduled task with a PowerShell script on a domain controller. BlackMatter also hit Iowa agricultural group New Cooperative in September.

Read more
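Both techniques above (ransomware pushed through GPOs, and a scheduled task running a PowerShell script on a domain controller) leave traces an AD team can audit. The script below is an added example, not code from the Semperis post; it assumes the RSAT GroupPolicy module on a domain-joined host with rights to read GPO reports, and `$LookbackDays` is an assumed tuning parameter.

```powershell
# Added example (not from the Semperis post): flag recently modified GPOs that
# carry scheduled-task preferences or scripts, then list recently registered
# scheduled tasks on this machine that launch PowerShell.
# Assumes the GroupPolicy RSAT module; $LookbackDays is an assumed parameter.
param([int]$LookbackDays = 7)

Import-Module GroupPolicy -ErrorAction Stop
$since = (Get-Date).AddDays(-$LookbackDays)

# 1. GPOs changed within the window, and any payload-bearing settings they hold.
#    GPP scheduled/immediate tasks sit under a ScheduledTasks element and
#    startup/logon scripts under Script elements; local-name() skips namespaces.
$gpoFindings = foreach ($gpo in Get-GPO -All | Where-Object { $_.ModificationTime -ge $since }) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $tasks   = $report.SelectNodes("//*[local-name()='ScheduledTasks']/*")
    $scripts = $report.SelectNodes("//*[local-name()='Script']")
    [pscustomobject]@{
        GPO       = $gpo.DisplayName
        Modified  = $gpo.ModificationTime
        TaskPrefs = $tasks.Count
        TaskNames = ($tasks   | ForEach-Object { $_.name })    -join ';'
        Scripts   = ($scripts | ForEach-Object { $_.Command }) -join ';'
    }
}
# Anything with TaskPrefs > 0 or a non-empty Scripts column deserves a look.
$gpoFindings | Where-Object { $_.TaskPrefs -gt 0 -or $_.Scripts } | Format-Table -AutoSize

# 2. Tasks registered locally within the window whose action is PowerShell.
#    Run this on each domain controller; the Date field is the registration time.
Get-ScheduledTask | Where-Object {
    $_.Date -and ([datetime]$_.Date -ge $since) -and
    ($_.Actions | Where-Object { $_.Execute -match 'powershell|pwsh' })
} | Select-Object TaskName, TaskPath, Date, Author,
    @{ n = 'Command'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ';' } } |
    Format-Table -AutoSize
```

Schedule the script to run against every domain controller and alert on any GPO row with task preferences or scripts, and on any new PowerShell task whose Author is not an expected administrative account.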

More Resources

Want to strengthen your Active Directory defenses against cyberattacks? Check out our latest resources.

About the author
Semperis Research Team
The Semperis Research Team continuously studies the ways cyber criminals are plotting to compromise organizations' information systems—particularly by exploiting vulnerabilities in Active Directory—now and in the future. Their work provides guidance for the security community in protecting against AD-related attacks and informs the development of products that help organizations increase their cyber resilience.