Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain users’ (encoded) passwords. “User authentication in Windows is used to prove to a remote system that a user is who they say they are. NTLM does this by proving knowledge of a password during a challenge and response … More →

The post …

access actor attachments authentication computer don't miss email emails employees hashes hot stuff initial access initial access broker lan manager networks ntlm ntlm authentication ntlm hashes organizations passwords phishing proofpoint prove steal stealing systems target threat threat actor varonis windows