RID Hijacking Attack Technique Used by the Andariel Attack Group
2025-01-22 • AhnLab
AhnLab reports that the Andariel threat group used RID Hijacking during intrusions to manipulate Windows account relative identifier values and elevate privileges. The technique can make a limited or guest account inherit administrator-like access, supporting persistence and stealth after compromise. The report links the behavior to Andariel operations involving malicious files and backdoor account creation, giving defenders concrete Windows account-abuse tradecraft to hunt.