All news with #unit 42 incident response report tag

Anatomy of a BlackSuit Ransomware Blitz at Manufacturer

🔐 Unit 42 responded to a significant BlackSuit ransomware campaign after attackers obtained VPN credentials via a vishing call and immediately escalated privileges. The adversary executed DCSync, moved laterally with RDP/SMB using tools like Advanced IP Scanner and SMBExec, established persistence with AnyDesk and a custom RAT, and exfiltrated over 400 GB before deploying BlackSuit across ~60 ESXi hosts. Unit 42 expanded Cortex XDR visibility from 250 to over 17,000 endpoints and used Cortex XSOAR to automate containment while delivering prioritized remediation guidance.