New Qilin tactics a 'bonus multiplier' for ransomware chaos | Computer Weekly
Briefly

The Qilin ransomware gang has advanced its attack strategy: it no longer only steals data but also harvests user credentials stored in Google Chrome browsers, a first in ransomware.
This new technique is a 'bonus multiplier for the chaos already inherent in ransomware situations,' according to the Sophos X-Ops research team, indicating greater risks for organizations.
After breaching a VPN portal that lacked multifactor authentication, Qilin operatives moved laterally and executed scripts to steal credentials stored in Chrome on client machines.
Qilin's proactive effort to keep its credential harvesting undetected is alarming, as the group kept the Group Policy Object active for three days.
Read at ComputerWeekly.com