On Thu, 27 May 2021, at 19:25, David McNab wrote:
> That, or the hackers were extremely patient to escalate very limited initial access to full root run-of-network over what could have been months.

^^ Yeah this.  There's every chance the initial compromise was months ago, and the criminals have been working quietly for weeks to elevate their privileges.  Also likely that this group who initiated the ransomware aren't the same group that got the initial entry, nor the same group that escalated to domain admin.

E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es



On Thu, 27 May 2021, at 19:25, David McNab wrote:
> On Thu, 27 May 2021 at 18:31, Lawrence D'Oliveiro <ldo@geek-central.gen.nz> wrote:
>> Hard to believe a single attack could have compromised so many
>> machines. Seems the individual who clicked on that wrong link had a
>> worryingly high level of access to the entire system.
>
> That, or the hackers were extremely patient to escalate very limited initial access to full root run-of-network over what could have been months.



_______________________________________________
wlug mailing list -- wlug@list.waikato.ac.nz | To unsubscribe send an email to wlug-leave@list.waikato.ac.nz
Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz