"The threat actors repeatedly leveraged remote services to facilitate lateral movement within the network. Their activity began with the deployment of SystemBC and GhostSOCKS proxy tools to a domain controller."

🌟New report out Monday, January 27th by @r3nzsec, @MyDFIR & @MittenSec!