Sept. 8, 2023, 10:20 a.m. | Guru Baran

GBHackers On Security gbhackers.com

A new, sophisticated stealing campaign named “Steal-It” has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. The Steal-It campaign is believed to be attributable to APT28 (aka Fancy Bear), based on its similarities with the APT28 cyber attack. Fancy Bear is a Russian cyber espionage group that […]


The post Hackers Steal NTLMv2 Hashes using Custom Powershell Scripts appeared first on GBHackers - Latest Cyber Security News | Hacker News.
