The Mad Liberator ransomware group used social engineering to exploit the remote-access application AnyDesk, gaining unauthorized access and exfiltrating data without the company's knowledge. They carried out a sophisticated attack involving a fake Windows update screen to hide their activities, successfully bypassing the victim's defenses by masking their actions behind a familiar system process. The incident did not involve encryption of data but focused on exfiltrating sensitive information through the misuse of AnyDesk's remote access capabilities. The attackers capitalized on the trust placed in IT departments' regular maintenance practices, which allowed them to carry out the attack unnoticed for almost four hours.
Source: https://securityaffairs.com/167231/malware/mad-liberator-ransomware-social-engineering.html
"id": "any000082124",
"linkid": "anydesk-software-gmbh",
"type": "Ransomware",
"date": "8/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"