Nefilim Ransomware Attack Uses “Ghost” Credentials

Dan Kobialka reports: Sophos researchers have discovered a Nefilim ransomware attack in which an unmonitored account belonging to a deceased employee was used to infiltrate more than 100 systems. During the cyberattack, a Nefilim threat actor exploited vulnerable Citrix software, Sophos indicated. The actor gained access to the Citrix admin account and stole the credentials for a domain admin account using the Mimikatz open-source application. Read more on MSSPAlert!DataBreaches.netRead More