This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
Have you identified anything other than data exfiltration in the post exploitation investigation? From reading articles it appears that the MO for this attack is data exfiltration only, with extortion to follow. However, as cl0p ransomware have now claimed responsibility for this attack, I am worried that there may be files left on servers or persistence established on the local network/DMZ that may go undetected.
We are currently still going through the investigation stage for a customer and have deployed EDR, and are correlating logs on SIEM. Nothing identified post EDR checks, and from MOVEit and SIEM logs it looks like an exploit> priv esc on local app account > data exfil.
Just wondering if anyone has uncovered some nasty surprises post compromise?
I don't get it. Why was Arkansas using my data? I've never lived there. The letter says files they were using, with my data, were accessed via a vulnerability in the MOVEit software provided by Progress Software Corporation.
I got a letter notifying me my name/ssn/dob was accessed via a MOVEit breach associated with the Arkansas Division of Workforce Services. That's the Arkansas unemployment services agency.
I have never had any connections with Arkansas, have never applied for a job there, and have never lived in a state bordering Arkansas. I have only lived out West (and north of Texas), and in the North East.
Subreddit
Post Details
- Posted
- 1 year ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/cybersecuri...