The use of credential harvesting in connection with ransomware infections is unusual and could have significant consequences for cybersecurity practices.
Once the attacker reached the domain controller, they created a Group Policy Object to harvest credentials from users logging into their devices.
The attacker deployed a PowerShell script to extract credential data from Chrome browsers and left it active for three days, maximizing data theft.
With the stolen credentials, affected users must change passwords for every third-party site, complicating recovery efforts post-attack.
[
Collection
]
[
|
...
]