State of the Hack: Behind the ATM Heist & Other Red Team Stories

Presented by FireEye FireEye's logo

On this episode, we got right into a bunch of new in-the-wild activity!

We discussed FIN6's shift to deploying enterprise ransomware, including their recent LOCKERGOGA campaigns. The recent DAYJOB/ShadowHammer supply chain compromises prompted some discussion around this trend and several hunting techniques. We covered our newly-released blog on the techniques that the attackers used to deliver the TRITON malware framework and how to hunt for them - as well as some background on our on-going response to that group at another critical infrastructure client.

We wanted to learn more about attacker creativity and their mindset by inviting a real-life adversary onto our show: Alyssa Rahman (@ramen0x3f) from our Red Team. She walks us through a comprehensive red team case study at a financial client that include compromising multi-factor systems, KeePass, and eventually ATMs. She chats about why our red team prefers phone-based social engineering as well as our Mandiant Red Team's release of CommandoVM and ADFSDump/ADFSpoof.