Fog Ransomware Targets US Sectors Via Compromised VPN Credentials

Summary:

A new ransomware operation named ‘Fog,’ launched in early May 2024, is targeting educational organizations and the recreation sector in the US. The threat actors were able to infiltrate victim environments by exploiting compromised VPN credentials, with the remote access occurring through two separate VPN gateway vendors.

Threat Level – Amber | Attack Report

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.