Ransomware | Jun 4, 2026
"On the 18th day of the intrusion, during the second round of threat actor activity, the threat a...
Threat actor deploys ransomware after 18-day intrusion using injected Winlogon process.
Summary
A threat actor conducted a multi-stage intrusion culminating in ransomware deployment across an affected environment. The attack leveraged process injection into Winlogon to maintain persistence and execute final objectives. The incident demonstrates a sophisticated attack chain spanning over two weeks of reconnaissance and lateral movement before ransomware activation.
Indicators of Compromise
- mitre_attack — T1547.008
- mitre_attack — T1561.002
Entities
- Winlogon (technology)
- Process Injection (technology)