The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks.

Hacking group TA577 targets NTLM hashes via phishing, enabling account hijacks and network breaches. Phishing emails with ZIP attachments trigger NTLM hash theft, posing significant security risks. Proofpoint advises firewall configuration and email filtering to mitigate threats.