The malicious entities responsible for the RansomHub ransomware-as-a-service (RaaS) operation have been noted exploiting recently-fixed vulnerabilities in Microsoft Active Directory and the Netlogon protocol to elevate permissions and attain illegitimate access to a victim’s network domain controller as a component of their post-breach tactics.
“RansomHub has aimed at more than 600 enterprises worldwide, covering various industries.