FBI, CISA Release IoCs for Phobos Ransomware (www.cisa.gov)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 01 Mar 2024 11:47
https://sh.itjust.works/post/15476172

The FBI and CISA have detailed Phobos ransomware deployment tactics in an advisory, part of a stop-ransomware initiative with MS-ISAC. Phobos, a ransomware-as-a-service since 2019, gains access via phishing, exploits RDP ports, and escalates privileges using Windows functions. It establishes persistence, exfiltrates data for leverage, and targets backups to prevent recovery without paying a ransom. The advisory includes compromise indicators for defense.

#cybersecurity
