Threat actor ByteToBreach claims a full infrastructure takeover of National Oil Ethiopia PLC, ending in full Active Directory admin access and ransomware deployment at the close of an 8-step intrusion. The actor alleges exfiltration of over 800 GB of data, including a 500 GB ERP database, and claims to have compromised the Veeam backup infrastructure and the Kaspersky security console. Everything below rests on the actor's own statements. #ByteToBreach #NationalOilEthiopia #ERP #Veeam #Kaspersky
Key points
- ByteToBreach claims a complete infrastructure compromise of National Oil Ethiopia via an 8-step attack chain.
- Initial access was reportedly gained through an Exchange ProxyLogon exploit (CVE-2021-26855, the pre-authentication SSRF patched in March 2021), followed by a Metasploit reverse shell for the foothold and Ligolo tunneling to pivot into the internal network.
- Attackers escalated to full Active Directory administrator privileges and harvested internal credentials.
- The actor claims more than 800 GB of data were exfiltrated, including a 500 GB ERP database and extensive client and employee records.
- The Veeam backup infrastructure and the Kaspersky security console were reportedly compromised before ransomware was deployed across the environment. Taking the backup server and the security management console first is the usual sequence: it removes the recovery path and the visibility that would otherwise interrupt deployment.
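Of the eight claimed steps, the first is the one a defender can check for after the fact with the least effort, because ProxyLogon exploitation leaves a well-documented trace in Exchange's own logs. The script below is an added example, not part of the DarkWebInformer post and not code from any party involved: it scans Exchange HttpProxy log lines for the public indicator Microsoft published with its March 2021 HAFNIUM guidance, an unauthenticated request (empty AuthenticatedUser) whose AnchorMailbox matches ServerInfo~*/*. The log sample is constructed, the column set is a reduced subset of the real HttpProxy schema (an assumption; real logs carry many more fields, which is why the #Fields: header is parsed rather than column positions hard-coded), and the function names are mine.

```python
import csv
import fnmatch
from collections import Counter

# Constructed sample of Exchange HttpProxy log lines (assumption: a reduced
# subset of the real column set; real logs carry many more fields, which is
# why the "#Fields:" header is parsed instead of hard-coding column positions).
SAMPLE_HTTPPROXY_LOG = r"""#Software: Microsoft Exchange Server
#Version: 15.0.0.0
#Log-type: HttpProxy Logs
#Fields: DateTime,RequestId,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox,HttpStatus
2021-03-02T10:15:01.000Z,1,203.0.113.5,/owa/auth/x.js,,ServerInfo~a]@exch01.corp.example/autodiscover/autodiscover.xml?#,200
2021-03-02T10:16:44.000Z,2,198.51.100.20,/owa/,CORP\jdoe,,200
2021-03-02T10:17:02.000Z,3,203.0.113.5,/ecp/y.js,,ServerInfo~a]@exch01.corp.example/ecp/default.flt?#,200
2021-03-02T10:18:30.000Z,4,198.51.100.21,/ecp/,CORP\admin,CORP\admin,200
2021-03-02T10:19:00.000Z,5,198.51.100.22,/owa/auth/logon.aspx,,,200
"""

# Indicator from Microsoft's public ProxyLogon (HAFNIUM) guidance: an
# unauthenticated request whose AnchorMailbox is a ServerInfo~*/* value.
PROXYLOGON_ANCHOR_PATTERN = "ServerInfo~*/*"


def parse_httpproxy_log(log_text):
    """Yield one dict per data line, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if line.startswith("#"):
            continue  # other metadata lines (#Software, #Version, #Log-type, ...)
        if fields is None:
            raise ValueError("data line encountered before a '#Fields:' header")
        values = next(csv.reader([line]))
        yield dict(zip(fields, values))


def find_proxylogon_hits(log_text):
    """Return the rows that match the ProxyLogon SSRF indicator.

    Both conditions matter: plenty of legitimate pre-auth requests (the logon
    page, for instance) have an empty AuthenticatedUser but no ServerInfo~
    anchor, so the anchor glob is what separates them from exploitation.
    """
    hits = []
    for row in parse_httpproxy_log(log_text):
        unauthenticated = row.get("AuthenticatedUser", "") == ""
        anchor = row.get("AnchorMailbox", "")
        # fnmatchcase: exact-case glob, independent of the host OS's rules
        if unauthenticated and fnmatch.fnmatchcase(anchor, PROXYLOGON_ANCHOR_PATTERN):
            hits.append(row)
    return hits


def summarize_by_source(hits):
    """Count matching requests per client IP, the first thing to pivot on."""
    return dict(Counter(row.get("ClientIpAddress", "?") for row in hits))


if __name__ == "__main__":
    matches = find_proxylogon_hits(SAMPLE_HTTPPROXY_LOG)
    for row in matches:
        print(row["DateTime"], row["ClientIpAddress"], row["UrlStem"], row["AnchorMailbox"])
    print("per-source counts:", summarize_by_source(matches))
```

On a real server the files to feed in live under the Exchange install path in Logging\HttpProxy (by default C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy). Two caveats a practitioner should keep in mind: HttpProxy logs are rotated, so the exploitation window may already have aged out, and an actor who reached domain admin had every opportunity to clear them, so an empty result is not evidence that the first step never happened.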
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!