#StolenCredentials

Christoffer S.nopatience@swecyb.com
2025-05-27

Targeted attacks against MSP:s, NATO and Ukraine. Two stories from Sophos and Microsoft published today.

The MSP-attack involved abusing vulnerabilities in SimpleHelp chaining a number of vulnerabilities. A little bit of a more advanced attack IMHO.

Then you have the NATO and Ukraine attacks as detailed by Microsoft, involving password spraying and likely bought credentials from criminal ecosystems.

Funny. Ransomware attackers are more advanced than APTs 🙂

References:
news.sophos.com/en-us/2025/05/

microsoft.com/en-us/security/b

#Cybersecurity #ThreatIntel #PasswordSpray #Password #StolenCredentials #APT #LAUNDRYBEAR #VoidBlizzard #Russia #NATO #Ukraine #SimpleHelp #Vulnerabilities #Vulnerability

ITF Tech LtdITF_TECH
2025-03-28

Keeping business accounts secure should be a top priority. What extra security do you have in place to protect sensitive data and even financial info?

2021-01-04

Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business - Several Ticketmaster executives conspired a hack against a rival concert presales firm, in attempt... threatpost.com/ticketmaster-10 #formeremployeedataretention #departmentofjustice #illegaldataaccess #stolencredentials #stolenpasswords #artisttoolbox #insiderthreat #ticketcompany #ticketmaster #websecurity #livenation #songkick #hacks #hack #doj #fbi

2020-05-20

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested - The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authoritie... more: threatpost.com/alleged-hacker- #stolencredentials #recordedfuture #collection#1 #hackerforums #threatactor #government #briankrebs #darkweb #ukraine #breach #hacker #sanix

2020-01-20

FBI seizes credentials-for-sale site WeLeakInfo.com - The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a ... more: nakedsecurity.sophos.com/2020/ #credentials-for-sale #stolencredentials #securitythreats #northernireland #weleakinfo.com #netherlands #databreach #stolendata #law&order #dataloss #dataleak #fbi #uk #us

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst