TA577 Exploits NTLM Authentication Vulnerability

The group targeted hundreds of organizations globally with emails containing zipped HTML attachments designed to capture NTLM hashes. This method could enable password cracking or “Pass-The-Hash” attacks.