Morphisec says it is aware of at least 15 organizations including those in the finance, agriculture, and technology sectors that have been targeted in this way. Researchers say they have observed the tactic being used against numerous public and private sector organizations across the US over the last three months. In each of the attacks, the threat group gained initial access to the target network via phishing emails that distributed Dridex, a well-known data and credential-stealing malware. Once on the network, the attacker stole Active Directory credentials and conducted reconnaissance for sensitive systems to infect.”]