carsbta.blogg.se

Chegg reddit hack










On May 13, the HSE’s antivirus security provider emailed the HSE’s security operations team, highlighting unhandled threat events dating back to May 7 on at least 16 systems. Hospital C’s antivirus software detected Cobalt Strike on two systems but failed to quarantine the malicious files. On, security auditors first identified evidence of the attacker compromising systems within Hospital C and Hospital L. On May 10, one of the hospitals detected malicious activity on its Microsoft Windows Domain Controller, a critical “keys to the kingdom” component of any Windows enterprise network that manages user authentication and network access. On May 7, the attacker compromised the HSE’s servers for the first time, and over the next five days the intruder would compromise six HSE hospitals. But the antivirus software was set to monitor mode, so it did not block the malicious commands.” 31, 2021, the HSE’s antivirus software detected the execution of two software tools commonly used by ransomware groups - Cobalt Strike and Mimikatz - on the Patient Zero Workstation. After infecting the system, “the attacker continued to operate in the environment over an eight week period until the detonation of the Conti ransomware on May 14, 2021,” the report states. According to PWC’s report (PDF), there were multiple warnings about a serious network intrusion, but those red flags were either misidentified or not acted on quickly enough: Less than a week later, the attacker had established a reliable backdoor connection to the employee’s infected workstation. 18, 2021, when an employee on a Windows computer opened a booby-trapped Microsoft Excel document in a phishing email that had been sent two days earlier.


A timeline in the report (above) says the initial infection of the “patient zero” workstation happened on Mar. Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with Conti ransomware on May 14, 2021. PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.










