Huntress’ Post

A threat actor infiltrated a medical facility and threw everything they had at the network. Here’s a breakdown of what went down 👇

✅ Netscan used for enumeration
✅ Malicious drivers deployed to disable Windows Defender
✅ Lateral movement via PsExec
✅ Mimikatz to extract cleartext credentials
✅ User accounts created for persistence
✅ Registry modifications using NPPSPY (malicious DLL)

Our 24/7 Human SOC isolated the network for the partner, stopping further damage and lateral movement.

Tips to protect your network:

➡️ Block local admin rights for day-to-day accounts
➡️ Use the Windows Firewall to prevent lateral movement
➡️ Always keep Windows instances fully patched

Want to know more about NPPSPY and how it works? Check out Cleartext Shenanigans on our blog: https://lnkd.in/e_B9G6g6
