As reported by BleepingComputer, an automotive supplier had its systems breached and its files encrypted by three different ransomware gangs over two weeks in May-22, with two of the attacks happening within just two hours.
The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection.
While dual ransomware attacks are increasingly common, “this is the first incident we’ve seen where three separate ransomware actors used the same point of entry to attack a single organization,” Sophos X-Ops incident responders said in a report.