"FBI Warns of Egregor Attacks on Businesses Worldwide"

The FBI is warning private-sector companies of an increase in attacks using the Egregor ransomware. The malware has already compromised more than 150 organizations. Egregor is spread through phishing emails with malicious attachments, exploits for remote desktop protocol (RDP), and VPNs. Once inside a network, threat actors can move laterally. Egregor ransomware affiliates have been observed using tools like Cobalt Strike, Qakbot/Qbot, Advanced IP Scanner, and AdFind to escalate privileges and move laterally across a network. They are also using tools like Rclone and 7zip to exfiltrate data, according to the FBI.
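The tool list above lends itself to a simple hunt over process-creation logs. The following is an added example, not taken from the FBI alert or the Threatpost article: it flags hosts where archive creation with 7-Zip is followed by an Rclone run within a time window, and notes whether AdFind or Advanced IP Scanner also ran there. The image names, event layout, hosts and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Assumed on-disk image names for tools named in the alert; renamed binaries
# will not match, so treat hits as leads, not verdicts.
STAGES = {"adfind.exe": "recon", "advanced_ip_scanner.exe": "recon",
          "7z.exe": "staging", "7za.exe": "staging", "rclone.exe": "exfil"}

# Constructed sample process-creation events: (host, time, image, command line)
SAMPLE_EVENTS = [
    ("WS-014", "2021-01-08T09:02:11", r"C:\Users\Public\AdFind.exe", "AdFind.exe -f objectcategory=computer"),
    ("WS-014", "2021-01-08T09:40:55", r"C:\Program Files\7-Zip\7z.exe", r"7z.exe a C:\Temp\a.7z D:\Shares"),
    ("WS-014", "2021-01-08T09:58:30", r"C:\Temp\rclone.exe", r"rclone.exe copy C:\Temp\a.7z remote:bucket"),
    ("WS-022", "2021-01-08T10:15:00", r"C:\Program Files\7-Zip\7z.exe", r"7z.exe x C:\Downloads\setup.7z"),
    ("FS-001", "2021-01-08T02:00:00", r"C:\Tools\rclone.exe", r"rclone.exe sync D:\Backup remote:backup"),
]

def classify(image, cmdline):
    stage = STAGES.get(basename(image).lower())
    if stage == "staging":
        # Only archive creation ("a") counts as staging; extraction is routine.
        args = cmdline.split()
        if len(args) < 2 or args[1].lower() != "a":
            return None
    return stage

def hunt(events, window=timedelta(hours=1)):
    """Return {host: finding} where archive creation precedes rclone within window."""
    per_host = {}
    for host, ts, image, cmdline in sorted(events, key=lambda e: e[1]):
        stage = classify(image, cmdline)
        if stage:
            per_host.setdefault(host, []).append((datetime.fromisoformat(ts), stage))
    findings = {}
    for host, seen in per_host.items():
        staged = [t for t, s in seen if s == "staging"]
        for t, s in seen:
            if s == "exfil" and any(timedelta(0) <= t - st <= window for st in staged):
                findings[host] = {"exfil_at": t.isoformat(),
                                  "recon_seen": any(x == "recon" for _, x in seen)}
                break
    return findings

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

Requiring the archive-then-upload sequence keeps a scheduled Rclone backup job (FS-001) and a routine archive extraction (WS-022) out of the results.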

Threatpost reports: "FBI Warns of Egregor Attacks on Businesses Worldwide"

Submitted by Anonymous on