Massive breach spills credentials for thousands of sensitive networks

Source: Biz & IT - Ars Technica

Hudson Rock said the attackers went on to "actively intercept SSL VPN authentication hashes and crack them using a massive, dedicated 45-GPU cluster managed via Hashtopolis." Because the captured hashes could be attacked offline, the cluster let the group test enormous numbers of candidate plaintext passwords against them, with no further contact with the VPN, until the correct ones turned up.
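The following is an added illustration, not code from the article, Hudson Rock or Hashtopolis, of why a recorded VPN login is enough to recover weak passwords offline. The article does not name the VPN vendor or the hash format, so the model is an assumption: a generic challenge-response login in which the client proves knowledge of its password by returning an HMAC over a random server challenge. The victim passwords, the wordlist and the guessing rate are constructed for the example; the one real number, 45 GPUs, says nothing about throughput, so the rate is a labeled input.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed model of a challenge-response VPN login (an assumption: the
# article does not name the vendor or the exact hash format). The server sends
# a random challenge; the client answers with an HMAC keyed by a password-
# derived key. Whoever records the exchange holds everything needed to test
# guesses offline, at GPU speed, without touching the VPN again.

def derive_key(password: str) -> bytes:
    # One fast, unsalted hash of the password. This is what makes captured
    # responses cheap to crack: every guess costs only two hash operations.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def client_response(password: str, challenge: bytes) -> bytes:
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()

def capture_exchange(password: str) -> tuple[bytes, bytes]:
    """What an on-path attacker records: the challenge and the response, never the password."""
    challenge = secrets.token_bytes(16)
    return challenge, client_response(password, challenge)

def expand_rules(base_words: Iterable[str],
                 years: Iterable[int] = range(2019, 2026),
                 suffixes: tuple[str, ...] = ("", "!", "1", "123")) -> Iterable[str]:
    """Cheap mangling rules of the kind cracking rigs apply to every dictionary word."""
    year_tokens = [""] + [str(y) for y in years]
    for word in base_words:
        for variant in (word, word.capitalize(), word.upper()):
            for year in year_tokens:
                for suffix in suffixes:
                    yield variant + year + suffix

def crack_offline(challenge: bytes, response: bytes, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against one captured exchange; returns the password or None."""
    for guess in candidates:
        if hmac.compare_digest(client_response(guess, challenge), response):
            return guess
    return None

def exhaustive_search_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to enumerate every password of a given length at a given rate.
    The rate is an input: the article gives the cluster size (45 GPUs), not its throughput."""
    return charset_size ** length / guesses_per_second

if __name__ == "__main__":
    # Constructed victims; the article discloses no real credential.
    wordlist = ["summer", "welcome", "password"]
    weak_challenge, weak_response = capture_exchange("Summer2024!")
    print("weak  :", crack_offline(weak_challenge, weak_response, expand_rules(wordlist)))
    strong_challenge, strong_response = capture_exchange("tq7#Vn!zR2pL@9wX")
    print("strong:", crack_offline(strong_challenge, strong_response, expand_rules(wordlist)))
    # Assumed rate for illustration only: 1e10 guesses per second across the cluster.
    print("8 chars from 95 symbols : %.0f hours" % (exhaustive_search_seconds(95, 8, 1e10) / 3600))
    print("12 chars from 95 symbols: %.0f years" % (exhaustive_search_seconds(95, 12, 1e10) / 3.15e7))
```

The defensive reading is the inverse of the attack: a password that survives offline guessing has to be long and not derivable from a dictionary word plus a year and a symbol, and a login that cannot be replayed offline at all (phishing-resistant MFA, or a key-exchange-bound authentication rather than a bare password proof) removes the cluster from the picture entirely.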

Those passwords let the threat actors move laterally to compromise Active Directory environments and other centralized authentication systems. "This aggressive methodology has led to severe, real-world consequences," Hudson Rock said. Diachenko’s research confirmed full network compromises at multiple organizations across Japan, Taiwan, Vietnam, Iraq, and Turkey.

Most alarmingly, the victims include a Turkish NATO defense contractor from which the group exfiltrated classified defense documents.
