As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s roundup, LockBit and Play ransomware groups claim cyberattacks on the City of Oakland and a new malware toolkit called AlienFox emerges.

Threat actors use AlienFox toolkit to steal credentials

Cyberattacks are using a toolkit called AlienFox to scan for misconfigured servers and steal credentials for cloud-based email servers.

Read more

Play, LockBit ransomware groups claim attack on City of Oakland

LockBit ransomware-as-a-service (RaaS) group, whose tactics include exploiting Active Directory Group Policy, claimed an attack on the City of Oakland and threatened to leak data—without offering proof that it had the data—just weeks after the Play gang leaked information online, including employees’ personal information.

Read more

LockBit targets wholesale office product distributor Essendant

Wholesale office product distributor Essendant was hit by LockBit, causing a wide-spread network outage that prevented fulfillment of online orders.

Read more

LockBit claims attack on Los Angeles housing authority

LockBit also claimed an attack on the Housing Authority of the City of Los Angeles, a state agency that provides affordable housing and job training.

Read more

The post Identity Attack Watch: AD Security News, March 2023 appeared first on Semperis.