< ciso
brief />
Tag Banner

All news with #initial access broker tag

22 articles · page 2 of 2

Attackers Exploit ScreenConnect Features for Network Access

🔒 DarkAtlas researchers warn that APT groups are leveraging legitimate RMM platforms to gain initial access, increasingly favoring ScreenConnect as it evades basic detection. Attackers abuse features like unattended access, VPN, REST API and file transfer, deploy in-memory installers that leave little disk artefacts, and register persistent services such as ScreenConnect.WindowsClient.exe. Defenders should monitor invite links, config files, in-memory activity and specific event IDs for effective DFIR.
read more →

MedusaLocker RaaS Recruits Penetration Testers Globally

🔒 MedusaLocker, a ransomware-as-a-service (RaaS) group active since 2019, has posted a dark web job advert openly recruiting penetration testers and insiders who already have direct access to corporate networks. The advert explicitly instructs applicants not to apply unless they possess network access, signalling a preference for initial access brokers and company insiders. CISA previously linked MedusaLocker to exploitation of RDP vulnerabilities, and the group’s tactic highlights the blurred line between legitimate pentesting and criminal activity. Organisations should prioritise layered defenses, authorised penetration testing, and strict controls over remote access and privileged accounts.
read more →