Key Takeaways The intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment.…| The DFIR Report
Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…| The DFIR Report