Qilin ransomware targets network-connected endpoints to pull Google Chrome data
The Qilin ransomware has been spotted successfully exfiltrating sensitive data stored in Google Chrome.
In its writeup, researchers from Sophos revealed how a criminal group used previously compromised credentials to enter the IT infrastructure of an unnamed organization.
The browser credentials were for a Virtual Private Network (VPN) portal, which lacked multi-factor authentication (MFA), and as such was relatively easy to access.En masse credential theft
Sophos says it isn’t known if the initial breach was made by an Initial Access Broker (IAB) and then handed over to the ransomware operators, or if it was all done by a single organization.
In any case, the group dwelled for more than two weeks (18 days) before moving laterally to a domain controller using the compromised credentials.
