120
Nevada ransomware attack traced back to malware download by employee | Cybersecurity Dive
(www.cybersecuritydive.com)
this post was submitted on 10 Nov 2025
120 points (98.4% liked)
Cybersecurity
8610 readers
67 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Everybody hates the government, but that take is not applicable.
Reading the incident report -
A privileged user got spearphished into downloading a compromised system administration tool. After the compromised tool was detected by industry standard (and modern) intrusion detection software and removed, the backdoor it installed, which was not fixed, was (eventually) used to install a keylogger. Shortly thereafter, another privileged user had a keylogger installed. Afterward, the harvested credentials were used to create further compromises in their network and to move laterally throughout it.
The age of the equipment or software is not a factor when your admin accounts get compromised. The user that got compromised should have known better, but they literally failed one thing - double checking the veracity of the download website. They didn’t surrender credentials, or fall for any direct attack. It’s not really a government bad, private industry good sort of thing. Heck, if that had happened to a non-admin user, the attack wouldn’t have been possible.