Threat Research

    Hide Your RDP: Password Spray Leads to RansomHub Deployment

    The intrusion started in November 2024 with a password spray attack against an exposed RDP server. The attacker attempted multiple logins over several hours using accounts and IPs flagged in OSINT sources. Eventually, they gained RDP access with a compromised account and executed discovery commands to enumerate users and systems....
    7/1/2025  0
    Read More »

    Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

    The threat actor initially exploited CVE-2023-22527 on a public-facing Confluence server to achieve remote code execution. They followed a repeatable command sequence—installing AnyDesk, creating admin accounts, and enabling RDP—indicating automation or a playbook. Credential theft tools like Mimikatz, ProcessHacker, and Secretsdump were used....
    5/19/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.