National Oil Ethiopia PLC (NOC) reportedly suffered a major data breach and ransomware attack after a threat actor detailed an eight-step intrusion on a hacker forum. The attacker says they exploited an Exchange ProxyLogon vulnerability to escalate privileges, disable Kaspersky, compromise Veeam backups, deploy ransomware, and exfiltrate four databases including an ERP database of over 800GB. #NationalOilEthiopia #ProxyLogon #Kaspersky #Veeam #ERP
Keypoints
- Threat actor claims an eight-step intrusion against National Oil Ethiopia PLC.
- Initial access was gained by exploiting an Exchange ProxyLogon vulnerability.
- Attackers escalated privileges and disabled Kaspersky security software.
- Veeam backup systems were compromised before ransomware was deployed across the network.
- Four databases were exfiltrated, including an ERP database of more than 800GB.
Read More: https://dailydarkweb.net/national-oil-ethiopia-plc-suffers-major-data-breach/