A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM) hashes contain users’ (encoded) passwords. “User authentication in Windows is used to prove to a remote system that a user is who they say they are. NTLM does this by proving knowledge of a password during a challenge and response …
The post Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes appeared first on Help Net Security.