Cyber Threat Report: 'Investigating New INC Ransom Group Activity'

Report Author Huntress
Publication Date 2023-08-11
Original Reporting Source
Related Intrusion Sets INC Ransomware Group

This blog post from huntress discusses the ransomware group known as 'INC', breaking down the stages of an attack day by day. The Huntress team conducted an investigation into an 'INC' ransomware attack, revealing that the initial attack phases began a week prior to the encryption event. INC used short connections, compromised credentials, and native tools (LOLBINs) for data collection and staging, eventually leading to data exfiltration and file encryption. The post provides indicators of compromise (IoCs) and MITRE ATT&CK mappings based on their observed activity.

Cyber Threat Graph Context

Explore how this report relates to the wider threat graph

Mitigations to defend against the techniques in this report

Identified MITRE ATT&CK Techniques