In a recent IcedID malware attack, the threat actor borrowed techniques from other groups such as Conti to achieve its objectives and was able to compromise the Active Directory domain of an undisclosed victim less than 24 hours after initially gaining access.
According to a paper released this week by Cybereason researchers, “during the attack, the attacker followed a routine of recon commands, credential theft, lateral movement via abusing Windows protocols, and running Cobalt Strike on the newly compromised host.”