Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Cybercriminals Exploit NTLMv2 Hashes

September 12, 2023
Reading Time: 1 min read
in Alerts

A newly identified cyber attack campaign, codenamed “Steal-It” by Zscaler ThreatLabz, is utilizing a PowerShell script associated with a legitimate red teaming tool to steal NTLMv2 hashes from compromised Windows systems.

Furthermore, the campaign primarily targets systems in Australia, Poland, and Belgium and employs multiple infection chains, all starting with phishing emails containing ZIP archives. These chains include an NTLMv2 hash stealing infection chain, a system info stealing chain targeting Australian users, a Fansly whoami chain enticing Polish users, and a Windows update chain aimed at Belgian users.

The attackers, believed to possess significant technical expertise, use customized versions of the Nishang PowerShell script for their operations. Additionally, they exfiltrate stolen NTLMv2 hashes using Mockbin APIs, enhancing their ability to evade detection. One notable aspect of the campaign is its resemblance to tactics previously associated with the Russian state-sponsored threat actor APT28.

In one case, the Computer Emergency Response Team of Ukraine (CERT-UA) highlighted a similar attack sequence in May 2023 as part of an APT28 campaign against Ukrainian government institutions, raising the possibility of a connection between the two. The attackers’ persistence and adaptability underscore their dedication to maintaining prolonged access to compromised systems.

Reference:
  • samratashok / nishang
  • A New Cyber Attack Campaign Steals NTLMv2 Hashes Using PowerShell Script
Tags: Cyber AlertCyber Alerts 2023cyber attackCybercriminalCybersecurityNTLMv2PowerShellSeptember 2023VulnerabilitiesWindowsZscaler ThreatLabz
ADVERTISEMENT

Related Posts

COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025
Critical Kibana Flaws Allows Code Execution

Mirai Botnet Exploits Vulnerabilities in IoT

May 7, 2025
Critical Kibana Flaws Allows Code Execution

Critical Kibana Flaws Allows Code Execution

May 7, 2025
Critical Kibana Flaws Allows Code Execution

New OttoKit Flaw Targets WordPress Sites

May 7, 2025

Latest Alerts

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

New OttoKit Flaw Targets WordPress Sites

Mirai Botnet Exploits Vulnerabilities in IoT

Critical Kibana Flaws Allows Code Execution

Subscribe to our newsletter

    Latest Incidents

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    UK Legal Aid Agency Faces Cyber Incident

    South African Airways Hit by Cyberattack

    Coweta County School System Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial