Researchers also discovered other methods employed by the attackers, including the use of KeeThief, an open-source tool that extracts KeePass password manager credentials. The tool is used by the attackers to steal a local IT administrator’s credentials in order to bypass endpoint detection and response and other defenses, said AdvIntel CEO Vitali Kremez.
Other hacking strategies involve deploying a portable version of Notepad++ as well as CrackMapExec, an open-source penetration-testing tool.