A new sophisticated stealing campaign named  “Steal-It”  has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. It is believed that the Steal-It campaign may be attributed to APT28 (aka Fancy Bear) based on its similarities with the APT28 cyber attack. Fancy Bear is a Russian cyber espionage group that […]

The post Hackers Steal NTLMv2 Hashes using Custom Powershell Scripts appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Guru Baran

Source: gbHackers
Source Link: https://gbhackers.com/hackers-steal-ntlmv2-hashes/