Rapid Breach: Social Engineering to Remote Access in 300 Seconds
Excerpt:
This post describes a recent incident response engagement handled by NCC Group’s Digital Forensics and Incident Response (DFIR) team, in which a social engineering attack was followed by a quick succession of PowerShell commands that led to compromise.
Incident Overview
The Threat Actor targeted around twenty users, impersonating IT support personnel, and successfully convinced two users to grant remote access to their systems using the Windows-native QuickAssist remote support tool.
In less than five minutes, the Threat Actor executed PowerShell commands that led to the download of offensive tooling, malware execution and the creation of persistence mechanisms.
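A triage heuristic for the sequence described above, as an added example that is not part of the NCC Group post: it flags hosts where a PowerShell process starts within 300 seconds of a QuickAssist launch. The event records, hostnames, record layout and the function name `correlate` are constructed for illustration.

```python
import ntpath
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=300)          # the five-minute span described in the post
REMOTE_TOOL = {"quickassist.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation records: (host, UTC timestamp, image path).
# Hostnames, times and the record layout are illustrative assumptions.
SAMPLE_EVENTS = [
    ("WS-014", "2024-01-10T09:14:05", r"C:\Windows\System32\quickassist.exe"),
    ("WS-014", "2024-01-10T09:16:40", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("WS-014", "2024-01-10T09:17:02", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("WS-022", "2024-01-10T09:30:00", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("WS-022", "2024-01-10T09:31:00", r"C:\Windows\System32\quickassist.exe"),
    ("WS-022", "2024-01-10T09:40:30", r"C:\Program Files\PowerShell\7\pwsh.exe"),
    ("WS-031", "2024-01-10T10:00:00", r"C:\Windows\System32\quickassist.exe"),
]


def correlate(events, window=WINDOW):
    """Return (host, quickassist_start, shell_start, seconds_between) for every
    PowerShell launch within `window` after a QuickAssist launch on that host."""
    last_remote = {}   # host -> most recent QuickAssist start time
    hits = []
    parsed = sorted((datetime.fromisoformat(ts), host, ntpath.basename(img).lower())
                    for host, ts, img in events)   # tolerate out-of-order logs
    for when, host, image in parsed:
        if image in REMOTE_TOOL:
            last_remote[host] = when
        elif image in SHELLS and host in last_remote:
            delta = when - last_remote[host]
            if delta <= window:
                hits.append((host, last_remote[host].isoformat(),
                             when.isoformat(), int(delta.total_seconds())))
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_EVENTS):
        print("REVIEW: %s QuickAssist at %s, PowerShell at %s (+%ds)" % hit)
```

Legitimate helpdesk sessions will also match, so hits are leads to review against the PowerShell command lines and the user's account of the call rather than confirmed compromise.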
To read the complete article, see the NCC Group Research Blog.
This post is licensed under CC BY 4.0 by the author.