2022-03-15

CISA Update on Conti Ransomware

Level: Tactical | Source: CISA
Cybersecurity
Information & Technology
Government


The Cybersecurity & Infrastructure Security Agency (CISA) has updated alert AA21-265A, which tracks Conti ransomware, with new indicators of compromise (IOCs) associated with the group. The agency warns that the most prevalent attack vectors for Conti include the use of Trickbot and Cobalt Strike. The Conti group has impacted over 1,000 organizations in the U.S. and internationally. The ransomware group has been observed using a variety of techniques, with initial access typically obtained through phishing emails or stolen accounts. CISA also describes a variety of post-compromise techniques, including RDP brute-force attacks, Kerberos attacks, running discovery commands to enumerate the network, spreading via SMB, stopping services, and deleting shadow copies.
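Three of the post-compromise behaviours listed above (discovery commands, stopping services, deleting shadow copies) can be correlated per host in process-creation logs. The following is an added detection example, not code from CISA or Anvilogic; the command-line patterns, event field names and sample events are assumptions constructed for illustration, not IOCs from alert AA21-265A.

```python
import re
from datetime import datetime, timedelta

# Behaviour categories named in the summary, mapped to command-line patterns.
# The patterns are assumptions (common Windows admin commands), not alert IOCs.
RULES = {
    "discovery": re.compile(
        r"\b(nltest(\.exe)?\s+/(domain_trusts|dclist)|net1?(\.exe)?\s+(view|group\s.*/domain))", re.I),
    "service_stop": re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s", re.I),
    "shadow_delete": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I),
}

def classify(cmdline):
    """Return the set of behaviour categories a command line matches."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def find_precursor_chains(events, window=timedelta(minutes=60)):
    """Alert when a host deletes shadow copies after another listed
    behaviour was seen on the same host within `window`."""
    alerts, history = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        cats = classify(ev["cmdline"])
        if not cats:
            continue
        seen = history.setdefault(ev["host"], [])
        seen.append((ev["time"], cats))
        if "shadow_delete" in cats:
            # Union of categories observed on this host inside the window.
            recent = set().union(*(c for t, c in seen if ev["time"] - t <= window))
            if recent - {"shadow_delete"}:
                alerts.append((ev["host"], ev["time"].isoformat(), sorted(recent)))
    return alerts

# Constructed sample process-creation events (not real telemetry).
T0 = datetime(2022, 3, 15, 2, 0, 0)
SAMPLE = [
    {"host": "FS01", "time": T0, "cmdline": "nltest /domain_trusts"},
    {"host": "FS01", "time": T0 + timedelta(minutes=5), "cmdline": 'net group "Domain Admins" /domain'},
    {"host": "FS01", "time": T0 + timedelta(minutes=20), "cmdline": "net stop MSSQLSERVER /y"},
    {"host": "FS01", "time": T0 + timedelta(minutes=21), "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "BK02", "time": T0 + timedelta(minutes=30), "cmdline": "vssadmin delete shadows /for=D: /oldest"},
    {"host": "WS07", "time": T0 + timedelta(minutes=40), "cmdline": "dotnet stop-server"},
]

if __name__ == "__main__":
    for alert in find_precursor_chains(SAMPLE):
        print(alert)
```

A lone shadow-copy deletion (host BK02 in the sample) is deliberately not alerted, since backup tooling can produce it; only the combination with discovery or service-stop activity on the same host raises an alert.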

     
