Select Page

“Evidence suggests that [Maze] operates under an affiliate model, which explains the diversity in its targets as well as the heterogeneity in TTPs employed to successfully compromise its victims,” said Andrea Carcano, co-founder of Nozomi Networks. “While originally spread through exploit kits and emails with malicious attachments, it has evolved to follow new trends and recently began to be deployed post-compromise. The post-compromise deployment approach gives the attackers time to perform lateral movement in the network and maximize the potential impact by exfiltrating and encrypting specific assets.”

Read More