In 2020 Toll Group went twice through a ransomware attack, now Sophos which acted as a response and investigation team for the events, announces that the entry point was an account of an employee who died but remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the report by Sophos, the Nefilim group responsible for the infidelity attack that was on the company’s network for about a month without the defense systems identifying suspicious activity, the user used by the attack group belonged to a deceased employee but his account was locked/deleted due to being integrated into various services.
Read more about Examples and Numbers of Social Engineering attacks ›
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
Critical Alert: Sophisticated Impersonation Campaign Targets 150+ Organizations
As reported by the Microsoft Threat Intelligence Center (MSTIC), we are currently witnessing a new, high-volume wave of sophisticated spear-phishing attacks. This campaign marks a significant escalation in nation-state tradecraft for the 2026 threat landscape....
The Christmas Tree Worm: A Festive Fiasco That Changed Cybersecurity
In December 1987, as office workers were winding down for the holidays, a seemingly innocent digital greeting card began appearing on IBM mainframe terminals. It was titled CHRISTMA EXEC, and its arrival marked one of the first times the world witnessed the true...
France’s Interior Ministry Confirms Email Server Cyberattack
In a significant security breach, the French Ministry of Interior has officially confirmed that its email servers were the target of a sophisticated cyberattack. The incident has caused notable disruptions to internal communications across key government domains. The...