“Unmasking Steal-It: Understanding the Latest Cyber Attack Targeting Windows Systems”

Overview of the New Cyber Attack: Steal-It

  • A new cyber attack campaign is using a PowerShell script associated with a legitimate red teaming tool to steal NTLMv2 hashes from compromised Windows systems.
  • These activities, mainly seen in Australia, Poland, and Belgium, have been dubbed Steal-It by Zscaler ThreatLabz.
  • The hackers in this campaign steal and exfiltrate NTLMv2 hashes using personalized versions of Nishang’s.

PowerShell Script Utilization in Cyber Attack

Always looking for a loophole, these cyber ninjas have taken a page out of an old playbook, leveraging a legitimate tool for mischievous deeds. They’re using a PowerShell script, typically associated with a valid red teaming tool, to wreak havoc and snatch NTLMv2 hashes from compromised Windows systems. You can think of it as cracking eggs to make an omelette, only in this case, the eggs are security codes, and the omelette is chaos.

Geographic Distribution of the Attack

The boomerang doesn’t always return to the thrower’s hand, as seen in the activity of this new cyber attack campaign tagged Steal-It. Primarily, this cyber slugfest is happening in three regions: Australia, Poland, and Belgium. Looks like the kangaroos, pierogi-lovers, and beer enthusiasts got the short end of the digital stick this time around.

Adaptation of Nishang’s in Steal-It Campaign

And as if copying and pasting wasn’t enough, these cyber-boogeymen have customized their tools like a suburban dad tweaks his lawnmower. They’re using modified versions of Nishang’s, as customization is the name of their pernicious game. The hackers in the Steal-It campaign are robbing and exfiltrating NTLMv2 hashes with a level of precision that leaves security forces biting the dust of their virtual tracks.


In summary, we’re looking at a tailored cyber attack campaign that makes use of a PowerShell script associated with an actual red teaming tool to gain unauthorized access to NTLMv2 hashes from compromised systems. Mainly taking place in Australia, Poland, and Belgium, the campaign has been given the fitting moniker of Steal-It by those tracking its movements. Worse still, the termites in the virtual woodwork are making use of customized versions of Nishang’s, putting a personalized touch on their cyber theft. It’s a grim reminder that when it comes to cybersecurity, you can’t take anything for granted, not even your dad’s corny jokes.

Original Article: https://thehackernews.com/2023/09/cybercriminals-using-powershell-to.html
