Hafnium Microsoft Hack – Active Exploitation of Microsoft Exchange and Lateral Movement

Written by the Attivo Research Team – Contributing members: Gorang Joshi, Anil Gupta, Saravanan Mohan – Microsoft and Volexity have confirmed the active exploitation of vulnerabilities published by Microsoft in Exchange Server. Security research has attributed the exploitation to the Advanced Persistent Threat group known as Hafnium operating out of China. After the initial compromise, Hafnium operators accessed email accounts and deployed web shells on the compromised servers, which they then used to steal data and expand the attack. Because enterprises deploy Outlook Web Access (OWA) on public networks, the group was able to compromise many organizations across a large set of industries, according to ThreatPost’s blog.

American Security Today

Attivo Offers Limited-Time Software Use to Combat Privilege Escalation & Lateral Movement

Sophisticated nation-state adversaries who compromised a string of federal agencies in recent months used Kerberoasting to steal the passwords of agency employees and move laterally within compromised government networks, according to the latest guidance from the Department of Homeland Security. In an Emergency Directive, the agency instructs federal agencies to “take action to remediate kerberoasting,” …

Who is behind APT29? What we know about this nation-state cybercrime group

APT29 has been accused of targeting coronavirus vaccine organizations, but this is not the first time the group has attracted global attention … Who is behind APT29? What we know about this nation-state cybercrime group … Tony Cole, CTO at Attivo Networks, added: “It’s unfortunate that an actor such as APT29 with such sophisticated capabilities …

EDN prevents viewing and accessing production data

Attivo Networks has expanded its Endpoint Detection Net (EDN) security solution. … It now offers file protection against ransomware attacks by hiding or denying access to productively assigned shares, cloud storage and selected files or folders. By hiding this information, EDN limits the malware’s ability to move around the network because it can only access …

Coronavirus: Russian Hackers Attack Vaccine Researchers

British and Western intelligence services are warning that Russia’s APT29 hacking group is targeting Covid-19 vaccine researchers. … “APT29 has been successfully compromising systems now for over a decade across the globe,” explained Tony Cole, CTO at Attivo Networks. “The pandemic has given them a new and additional target to steal research to meet Russian Intelligence …

Recent Reports Shed Light on Today’s Cybersecurity Priorities

Authored by: Carolyn Crandall, Chief Deception Officer, Attivo Networks – For those in the cybersecurity industry, the Verizon Data Breach Investigations Report (DBIR) is one of the most anticipated publications of the year. The report always includes interesting data and research, helping to shed light on some of the most important issues facing the cybersecurity industry today. The 2020 DBIR is no exception, but it is also not the only interesting report published within the past several months. FireEye Mandiant has also released its M-Trends 2020 report and its 2020 Security Effectiveness report, and—taken together rather than individually—these new reports provide real insight into the state of the industry. Below, you can find our top 10 takeaways.

Attivo Networks® Wins Best Threat Detection and Best Cyber Deception Awards from Acquisition International

Fremont, CA – May 8, 2019 – Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, today announced that Acquisition International has recognized the Attivo Networks ThreatDefend™ platform as the Most Advanced Threat Detection & Incident Response Platform in the 2019 Cyber Security Awards. Additionally, the company won a Corporate Excellence Award for Best Cybersecurity Deception Technology this year.

Attivo Networks® Receives Multiple Honors for Advanced Threat Detection Innovation in Cyber Defense Magazine’s 2019 InfoSec Awards

“As the cybersecurity industry gathers at RSA this week, we are honored to be recognized by the 2019 InfoSec Awards as a proven leader in deception solutions and in detecting advanced threats,” said Attivo Networks CEO, Tushar Kothari. “With the Attivo Networks platform, customers can deceive, direct, and divert adversaries away from critical assets while safely collecting intelligence on their activity. The power to identify advanced attackers and better understand adversaries is having a clear and direct impact in reducing time-to-detection and the time it takes to investigate and respond to attacks.”


APT heist of Singapore health data exploited Microsoft Outlook, inquiry finds

An advanced hacking operation that last year stole personal data on 1.5 million health care patients in Singapore, including the prime minister, targeted an unpatched version of Microsoft Outlook, an official inquiry has found. The hackers exploited a known vulnerability in Outlook using “a publicly available hacking tool, which allowed the attacker to install malware on compromised workstations,” says a report of more than 400 pages published Thursday by a government-backed commission.
