Last month’s oil pipeline ransomware incident that spurred fuel shortages/hoarding and a $4.4 payout to the attackers has apparently been traced back to an unused but still active VPN login. Mandiant exec Charles Carmakal told Bloomberg that their analysis of the attack found that the suspicious activity on Colonial Pipeline’s network started April 29th.
While they couldn’t confirm exactly how the attackers got the login, there apparently isn’t any evidence of phishing techniques,…