Sockbot in Goland - Linking APT Actors With Ransomware Gangs

Our incident response team had responded to malicious activity in one of our clients'

network infrastructure. A compromised Secure Access instance was probing other network

devices using SoftPerfect Network Scanner and ADFind. These tools have been used in the

past by multiple threat actors, including nation-state sponsored, for discovery reasons.

Investigating further into the malicious activity, we saw that the patient zero legitimately

accessed the network via SSL-VPN, which pointed to a possible credential theft that

allowed attackers to gain access to the instance in question. READ FULL REPORT