.png){kind=logo}
Sockbot in Goland - Linking APT Actors With Ransomware Gangs
- Security Joes
- Mar 9, 2022
- 1 min read
Updated: Dec 7, 2022
Our incident response team had responded to malicious activity in one of our clients'
network infrastructure. A compromised Secure Access instance was probing other network
devices using SoftPerfect Network Scanner and ADFind. These tools have been used in the
past by multiple threat actors, including nation-state sponsored, for discovery reasons.
Investigating further into the malicious activity, we saw that the patient zero legitimately
accessed the network via SSL-VPN, which pointed to a possible credential theft that
allowed attackers to gain access to the instance in question. READ FULL REPORT
![LazarOps: APT Tactics Targeting the Developers Supply Chain [PART 1]](https://static.wixstatic.com/media/e17082_c23422c687d54ba084a6d89ddd939173~mv2.jpg/v1/fill/w_980,h_835,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/e17082_c23422c687d54ba084a6d89ddd939173~mv2.jpg)
Comments