Hacker spent nearly five months inside a US regional government network, downloading files, using software and deleting logs, before deploying Lockbit ransomware. Sophos recreated the attack from what was left of the logs and believe the attackers got in through a public facing remote desktop protocol (RDP) port – something that even the most elementary of cyber security policies should have spotted and addressed.
Attackers linger on government agency computers before deploying Lockbit ransomware – Sophos News
Do you have open RDP port on your network?
Clive Catton MSc (Cyber Security) – by-line and other articles