Pawn Storm, also known as APT28, has been targeting high-value entities since 2004. They continue to compromise email accounts despite using outdated methods like phishing. Pawn Storm has recently been involved in Net-NTLMv2 hash relay attacks on government, defense, and military networks globally. They have targeted various sectors and regions, demonstrating persistence and enhancing operational security. They have used anonymization layers and vulnerabilities to conduct their attacks. Pawn Storm remains aggressive and network defenders should leverage indicators of compromise to enhance security.

#PawnStorm #APT28 #hashrelayattacks #government #defense #military #phishing #informationsecurity

https://www.infosecurity-magazine.com/news/pawn-storms-stealthy-net-ntlmv2/