Hackers steal Windows NTLM authentication hashes in phishing attacks
March 4, 2024 at 04:46PM TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound … Read more