State of the Hack

State of the Hack is FireEye’s monthly series, hosted by Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that discusses the latest in information security, digital forensics, incident response, cyber espionage, APT attack trends, and tales from the front lines of significant targeted intrusions.


S2E03: Behind the ATM Heist & Other Red Team Stories


On this episode, we got right into a bunch of new in-the-wild activity! We discussed FIN6's shift to deploying enterprise ransomware, including their recent LOCKERGOGA campaigns. The recent DAYJOB/ShadowHammer supply chain compromises prompted some discussion around this trend and several hunting techniques. We covered our newly released blog on the techniques the attackers used to deliver the TRITON malware framework and how to hunt for them, as well as some background on our ongoing response to that group at another critical infrastructure client. We wanted to learn more about attacker creativity and mindset by inviting a real-life adversary onto our show: Alyssa Rahman (@ramen0x3f) from our Red Team. She walks us through a comprehensive red team case study at a financial client that includes compromising multi-factor systems, KeePass, and eventually ATMs. She chats about why our red team prefers phone-based social engineering, as well as our Mandiant Red Team's release of CommandoVM and ADFSDump/ADFSpoof.