Massive breach spills credentials for thousands of sensitive networks

Hudson Rock said the attackers went on to “actively intercept SSL VPN authentication hashes and crack them using a massive, dedicated 45-GPU cluster managed via Hashtopolis.” From there, they used the GPU cluster to crack the hashes, meaning to try massive combinations of plain-text passwords until they found the right one. These passwords allowed the threat actors to move laterally to compromise Active Directory environments and other centralized authentication systems. “This aggressive methodology has led to severe, real-world consequences,” Hudson Rock said. “Diachenko’s research confirmed full network compromises at multiple organizations across Japan, Taiwan, Vietnam, Iraq, and Turkey. Most alarmingly, this includes a Turkish NATO defense contractor from which classified defense documents were successfully exfiltrated by the group.” In the interview, Diachenko put it more succinctly. “The scale is the sophistication,” he said. The scale didn’t stop there. The attackers used the massive cluster to run a” feedback-driven, 12-level recursive system.” In other words, there wasn’t a single flat dictionary run. Password candidates came from custom dictionaries with as many as eight words, common keyboard patterns, and cracking rules. Each one looped back with each step. When guesses were successful, the passwords were fed back as seeds to generate still more candidates. In other words, the cracking techniques improved with each successful guess. …