Malware
Bleeping Computer
8.0 — CRITICAL
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]
🤖 AI Briefing
Auto-generated threat analysis
🔍 Threat Overview
Trigona ransomware attacks are using a custom exfiltration tool to steal data from compromised environments, indicating an effort to maintain a lower profile during critical attack phases.
⚙️ Technical Details
Affected Systems
Network drives
Attack Vectors
Direct remote access via AnyDesk
Credential theft and password recovery operations using Mimikatz and Nirsoft utilities
Use of PowerRun to bypass user-mode protections
Deployment of additional tools as kernel driver services
💥 Impact Assessment
Severity: high
Who Is at Risk
Victims of Trigona ransomware attacks
🛡️ Recommended Actions
1. Implement real-time monitoring and detection for suspicious network activity
2. Use secure protocols for remote access, such as SSH or VPNs
3. Regularly update and patch vulnerable kernel drivers
📦 Affected Products
Software: PowerRun
This is a curated summary. The complete article is available at Bleeping Computer.
