216.73.217.176

Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs

· Published 08/09/2025 21:36 · Modified 09/09/2025 22:10

Export JSON

Essential information

Published
08/09/2025 21:36
Modified
09/09/2025 22:10
Tags
2025-09-08 betruger data exfiltration grixba lateral movement multi-group affiliation multi-group operation ransomware sectoprat systembc
Related entities
12 techniques (mitre), 1 others

Description

This intelligence report details a sophisticated cyber intrusion with links to three major groups: Play, RansomHub, and DragonForce. The attack began with a malicious file impersonating DeskSoft's EarthTime application, which deployed malware. The threat actors used various tools for reconnaissance, , and , including , backdoor, AdFind, SharpHound, and . They leveraged RDP and Impacket's wmiexec for , and used WinRAR and WinSCP for data collection and exfiltration. The intrusion lasted six days before the threat actors were evicted, showcasing a range of advanced persistent threat techniques and highlighting the blurred lines between different operations.

External references