Mespinoza, aka PYSA, is targeting manufacturers, schools and others, mainly in the U.S. and U.K., says Palo Alto Networks. Operators compromise Remote Desktop Protocol credentials or use phishing emails to gain unauthorized access to networks. They use open-source and built-in system tools to aid in lateral movement and credential harvesting, researchers say. The group’s “MagicSocks” tool creates “tunnels” for continued remote access, Palo Alto says.
Source: https://www.cuinfosecurity.com/how-mespinoza-ransomware-group-hits-targets-a-17086

