Jeremy Kirk (@jkirk.bsky.social) / @Jeremy_Kirk (RSS Feed) on Nostr: Interesting review of a September ransomware incident by @ReliaQuest ...
Interesting review of a September ransomware incident by @ReliaQuest (https://nitter.moomoo.me/ReliaQuest) involving IPs used before by Scattered Spider-ish TAs. Two points: 1) TAs moved from cloud to on-prem in less than an hour 2) Probably accessed a LastPass vault #infosec (https://nitter.moomoo.me/search?q=%23infosec)reliaquest.com/blog/scattere… (https://www.reliaquest.com/blog/scattered-spider-attack-analysis-account-compromise/)
https://nitter.moomoo.me/pic/card_img%2F1730283260939210752%2FYfnHikV1%3Fformat%3Djpg%26name%3D800x419
https://nitter.moomoo.me/Jeremy_Kirk/status/1729010612041331069#m
https://nitter.moomoo.me/pic/card_img%2F1730283260939210752%2FYfnHikV1%3Fformat%3Djpg%26name%3D800x419
https://nitter.moomoo.me/Jeremy_Kirk/status/1729010612041331069#m