Qilin ransomware group targets Chrome credentials through new credential-harvesting tactic.

The Qilin ransomware group has adopted a new tactic to steal Google Chrome credentials, expanding the scope of ransomware attacks. The group gained access to a domain controller within the target's Active Directory domain, where they deployed a credential-harvesting technique that used a PowerShell script to exfiltrate Chrome credentials. This method, unique to ransomware groups, could harvest employee credentials stored in Chrome browsers, with far-reaching implications. To protect themselves, users are advised to avoid storing passwords in web browsers, rely on third-party platforms for secure password storage, and opt for two-factor authentication (2FA) or multi-factor authentication (MFA) whenever possible.

August 22, 2024