Dreamfyre Ransomware Breach of GkNur Gıda
GkNur Gıda has been targeted by the Dreamfyre ransomware group, resulting in the unauthorized exfiltration of sensitive organizational data and the encryption of critical system assets. The attack likely involved an initial compromise via RDP exploitation or VPN vulnerabilities, followed by lateral movement using Cobalt Strike beacons and Mimikatz for privilege escalation. The threat actors employed double extortion tactics, leveraging tools such as Rclone and MegaSync to exfiltrate PII and financial records prior to deploying a payload utilizing AES-256 and RSA-2048 encryption. This incident underscores the persistent risk of emerging ransomware splinter groups targeting food production supply chains to maximize operational leverage.
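
Because the exfiltration described above precedes the encryption payload, process-creation telemetry for Rclone and MegaSync is one of the last points at which defenders can act. The following hunting sketch is an added example, not evidence or tooling from this incident: it assumes events shaped like Sysmon Event ID 1 records (`Image`, `OriginalFileName`, `CommandLine`, `Computer`), the `OriginalFileName` values for both tools are assumptions, and every host, path and remote name is constructed.

```python
import re
from pathlib import PureWindowsPath

# Exfiltration tools named in the summary, keyed by lowercase file name.
EXFIL_TOOLS = {"rclone.exe": "Rclone", "megasync.exe": "MegaSync"}
RCLONE_VERB = re.compile(r"\s(copy|sync|move)\s", re.I)
# "remote:path" argument; two or more characters so drive letters (C:) are ignored.
REMOTE_ARG = re.compile(r"\s([A-Za-z0-9_-]{2,}):\S*")


def classify(event):
    """Return findings for one process-creation event (Sysmon Event ID 1 style dict)."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    original = event.get("OriginalFileName", "").lower()
    cmd = event.get("CommandLine", "")
    findings = []
    tool = EXFIL_TOOLS.get(original) or EXFIL_TOOLS.get(image)
    if tool:
        findings.append(f"{tool} executed")
        # PE metadata still names the tool although the file on disk was renamed.
        if original in EXFIL_TOOLS and image != original:
            findings.append(f"{tool} renamed to {image}")
    # Command-line shape also catches rclone when the metadata is stripped.
    remote = REMOTE_ARG.search(cmd)
    if RCLONE_VERB.search(cmd) and remote:
        findings.append(f"transfer to remote '{remote.group(1)}'")
    return findings


def hunt(events):
    """Return (host, findings) for every event that produced at least one finding."""
    return [(e["Computer"], f) for e in events if (f := classify(e))]


# Constructed sample events; hosts, paths and remote names are invented.
SAMPLE_EVENTS = [
    {"Computer": "FS01", "Image": r"C:\Users\Public\rclone.exe",
     "OriginalFileName": "rclone.exe",
     "CommandLine": r"rclone.exe copy D:\Finance mega:backup --transfers 16"},
    {"Computer": "FS02", "Image": r"C:\ProgramData\svchost.exe",
     "OriginalFileName": "rclone.exe",
     "CommandLine": r"svchost.exe sync \\fs01\HR remote1:hr --config C:\ProgramData\r.conf"},
    {"Computer": "WS07", "Image": r"C:\Users\a\AppData\Local\MEGAsync\MEGAsync.exe",
     "OriginalFileName": "MEGAsync.exe", "CommandLine": "MEGAsync.exe"},
    {"Computer": "BK01", "Image": r"C:\Windows\System32\Robocopy.exe",
     "OriginalFileName": "robocopy.exe",
     "CommandLine": r"robocopy D:\Data \\backup01\data /MIR"},
]

if __name__ == "__main__":
    for host, findings in hunt(SAMPLE_EVENTS):
        print(host, "; ".join(findings))
```

The renamed-binary check matters because sync tools are often copied under innocuous file names; a legitimately deployed MEGAsync or Rclone backup job will also match, so results need triage against an allowlist of approved hosts and accounts.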