Cyber Web Spider Blog – News

Cyberattackers Bypass Security to Steal Credentials


Posted on July 2, 2026 By CWS

In a sophisticated cyberattack, hackers have effectively disabled critical security systems to steal sensitive credentials. This new method of attack highlights the lengths cybercriminals will go to in order to remain undetected while harvesting valuable information.

Attackers Disable Security Defenses

Recently, a threat actor successfully bypassed various security measures, including Microsoft Defender and Sysmon, before deploying Mimikatz to extract credentials. The incident underscores a meticulous strategy to erase digital footprints and avoid detection by security teams.

The breach began on June 7 when attackers compromised a web server, executing reconnaissance commands that initially seemed routine. However, this quickly escalated into a sophisticated operation employing multiple techniques to evade defenses.

Intrusion Techniques and Evading Detection

According to a report from Huntress, shared with Cyber Security News, investigators identified the breach after their Security Operations Center (SOC) flagged suspicious activity. This led to the discovery of a steganographic webshell hidden within an image file, which marked the start of the attack.

The concealed webshell, named UA4fp7R.aspx, was traced back to an image directory. Despite remediation efforts, the attackers repeatedly returned, eventually escalating to full credential theft.

Credential Theft and Defensive Sabotage

This case is notable not only for the credential theft but also for the premeditated sabotage of security systems. The attackers executed a batch script, i.bat, to disable IIS HTTP logging and weaken Microsoft Defender, using PowerShell commands to remove various security monitoring capabilities.

They also used taskkill and Windows service controls to terminate Sysmon, Filebeat, and other security tools, effectively blinding the environment to their activities. By abusing Image File Execution Options, they froze critical security processes so that their subsequent actions went unobserved.

With defenses neutralized, the attackers turned to credential theft. They modified registry settings so that passwords would be stored in plaintext, and used tools to extract sensitive data, writing it to files such as pass.txt and hash.txt. Mimikatz was then used to pull credentials directly from memory.
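As an added illustration (not code from the Huntress report or from this article), the following Python sketch applies detection logic for the tampering and credential-access steps described above to constructed Sysmon-style event records; the event shape, the rule names and every sample value are assumptions made here.

```python
import re

# Added detection sketch for the tampering steps described above, run over
# Sysmon-style events (EID 1 process create, EID 13 registry value set).
# Event shape, rule names and every sample value here are constructed.
MONITORING = ("sysmon", "filebeat", "msmpeng")  # name prefixes of the tools to guard
TASKKILL = re.compile(r"\btaskkill(\.exe)?\b.*?/im\s+(?P<proc>\S+)", re.I)
SVC_STOP = re.compile(r"\b(sc(\.exe)?\s+(stop|delete)|net(\.exe)?\s+stop)\s+(?P<svc>\S+)", re.I)
DEFENDER = re.compile(r"\bSet-MpPreference\b.*?-Disable\w+", re.I)
IFEO = re.compile(r"\\Image File Execution Options\\(?P<exe>[^\\]+)\\Debugger$", re.I)
WDIGEST = re.compile(r"\\SecurityProviders\\WDigest\\UseLogonCredential$", re.I)

def classify(event):
    """Return the alert names one event triggers (empty list if benign)."""
    alerts = []
    if event["id"] == 1:  # process creation: inspect the command line
        cmd = event.get("cmdline", "")
        m = TASKKILL.search(cmd)
        if m and m["proc"].lower().startswith(MONITORING):
            alerts.append("security_tool_killed")
        m = SVC_STOP.search(cmd)
        if m and m["svc"].lower().startswith(MONITORING):
            alerts.append("security_service_stopped")
        if DEFENDER.search(cmd):
            alerts.append("defender_tampering")
    elif event["id"] == 13:  # registry value set: inspect the key path
        target = event.get("target", "")
        m = IFEO.search(target)
        if m and m["exe"].lower().startswith(MONITORING):
            alerts.append("ifeo_debugger_on_security_tool")
        # UseLogonCredential=1 tells WDigest to keep plaintext passwords
        if WDIGEST.search(target) and event.get("details", "").endswith("(0x00000001)"):
            alerts.append("wdigest_plaintext_enabled")
    return alerts

def scan(events):
    """Return (alert, evidence) pairs for every alerting event, in log order."""
    return [(a, e.get("cmdline") or e.get("target")) for e in events for a in classify(e)]

# Constructed sample log (not taken from the incident); the last two are benign controls.
SAMPLE_EVENTS = [
    {"id": 1, "cmdline": "taskkill /F /IM Sysmon64.exe"},
    {"id": 1, "cmdline": "sc stop filebeat"},
    {"id": 1, "cmdline": "powershell -c Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"id": 13, "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sysmon64.exe\Debugger", "details": r"C:\Windows\Temp\x.exe"},
    {"id": 13, "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential", "details": "DWORD (0x00000001)"},
    {"id": 1, "cmdline": "taskkill /F /IM notepad.exe"},
    {"id": 13, "target": r"HKCU\Software\Contoso\App\LastRun", "details": "DWORD (0x00000001)"},
]
```

Running `scan(SAMPLE_EVENTS)` yields one alert for each of the five tampering events and none for the two benign controls.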

Preventive Measures and Future Outlook

Fortunately, the intrusion was contained before any data exfiltration occurred, thanks to the timely detection by the SOC. However, this incident serves as a stark reminder of the importance of comprehensive security measures.

Organizations are urged to maintain robust security practices, such as keeping software updated, ensuring thorough logging, and protecting internet-facing servers with firewalls or VPNs. Effective incident response is also crucial to prevent attackers from regaining access to compromised systems.

As cyber threats continue to evolve, strengthening security operations centers and accelerating threat detection will be vital in defending against similar sophisticated attacks in the future.

Category: Cyber Security News. Tags: credential theft, Cybersecurity, Hacking, incident response, Microsoft Defender, Mimikatz, security breach, Sysmon, threat detection, WAF
