An Ice Cold Intrusion
released on 2024-04-04 @ 07:28:54 PM
This report details an intrusion in which threat actors gained initial access through a phishing campaign that distributed malicious OneNote attachments. The attachments delivered the IcedID malware, which maintained persistence in the environment for over a month before the actors deployed Cobalt Strike beacons. From there, the actors used RDP, AnyDesk, and harvested credentials to move laterally, exfiltrated data with FileZilla, and ultimately deployed Nokoyawa ransomware on critical servers, causing significant impact.