"Malicious Email Campaign Steals NTLM Hashes"

TA577, also known in the security industry as Hive0118, has targeted organizations with rogue email attachments that, when opened, steal Microsoft Windows NT LAN Manager (NTLM) authentication information. Researchers warn that the group's recent campaigns involved thousands of email messages sent to hundreds of entities. NTLM is the default authentication mechanism used on Windows networks when a computer attempts to access network resources or services. This article continues to discuss the malicious email campaign that steals NTLM authentication information.

CSO Online reports "Malicious Email Campaign Steals NTLM Hashes"

Submitted by grigby1