New Qilin Ransomware Attack Uses DCSync Technique to Abuse AD Replication Protocol

A recent Qilin ransomware intrusion has revealed a stealthy privilege escalation technique that abuses Active Directory’s built-in replication protocols to harvest domain credentials, including the coveted KRBTGT hash and NTLM password hashes for every account in the domain. Security researcher Maurice Fielenbach, investigating the intrusion, identified the abuse through anomalies in Windows Security logs. The […]

The post New Qilin Ransomware Attack Uses DCSync Technique to Abuse AD Replication Protocol appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: