Sockbot in Goland - Linking APT Actors With Ransomware Gangs

Updated: Dec 7, 2022

Our incident response team responded to malicious activity in the network infrastructure of one of our clients. A compromised Secure Access instance was probing other network devices using SoftPerfect Network Scanner and ADFind. Multiple threat actors, including nation-state-sponsored ones, have used these tools in the past for discovery. Investigating the malicious activity further, we saw that patient zero had legitimately accessed the network via SSL-VPN, which pointed to a possible credential theft that allowed the attackers to gain access to the instance in question.

