Security Joes spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups. The most notable examples are a modified version of Ligolo, a reverse tunneling utility that’s freely available for pentesters on GitHub, and a custom tool to dump credentials from LSASS. The attack unfolded on a weekend evening and progressed rapidly, showcasing the actors’ skills and “red teaming” knowledge. No concrete connection between groups has been uncovered, but the operational tactics, targeting scope and malware customization capabilities signify a potential connection.

