TA577s Unusual Attack Chain Leads to NTLM Data Theft
Proofpoint identified notable cybercriminal threat actor TA577 using a new attack chain to demonstrate an uncommonly observed objective stealing NT LAN Manager (NTLM) authentication information. This activity can be used for sensitive information gathering purposes and to enable follow-on activity.