inksec

Has successfully completed 🎉

Stolen Time - HiddenTear Lab

On December 2, 2025, the SOC team received an alert indicating a potentially malicious file download on a corporate workstation. Initial triage revealed that a user had downloaded software from an untrusted source, triggering suspicious process chains and network connections to external infrastructure. Within hours, the attack escalated dramatically: the threat actor deployed a sophisticated command-and-control framework, harvested domain credentials, forged Kerberos tickets for unrestricted domain access, and moved laterally to all critical servers, including the domain controller, file server, and backup server. The attack culminated in data exfiltration of sensitive corporate information followed by ransomware deployment demanding a substantial Bitcoin...
