Academy of Public Administration (Belarus)

From Enlace Hacktivista
Revision as of 00:37, 26 January 2022 by Amongomous (talk | contribs) (Created page with "Two hacks wiping and encrypting the internal network of the Academy of Public Administration in Belarus, by Cyber Partisans. * Video of the second hack: https://www.youtube.com/watch?v=8l4etG0YKKQ == Explanation of the Hack == According to an incident report leaked by the hackers themselves during the second hack, they gained initial access using the CVE-2019-0708 BlueKeep exploit in an unpatched Windows 2008 server that had its RDP port exposed to the internet. T...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Two hacks wiping and encrypting the internal network of the Academy of Public Administration in Belarus, by Cyber Partisans.

Explanation of the Hack

According to an incident report leaked by the hackers themselves during the second hack, they gained initial access using the CVE-2019-0708 BlueKeep exploit in an unpatched Windows 2008 server that had its RDP port exposed to the internet. They proceeded to dump local user credentials using mimikatz, tunneled out using chisel and 3proxy to use RDP and psexec.py for lateral movement on the internal network until landing on and taking over the domain controller. They then deleted data from both live and backup systems.

https://www.curatedintel.org/2022/01/hacktivist-group-shares-details-related.html

Retrieved from "https://enlacehacktivista.org/index.php?title=Academy_of_Public_Administration_(Belarus)&oldid=334"