Blog

  • The “BlackSuit Blitz” at a Global Equipment Manufacturer

    Unit 42 recently assisted a prominent manufacturer who experienced a severe ransomware attack orchestrated by Ignoble Scorpius, the group that distributes BlackSuit ransomware. This incident serves as a reminder of how a seemingly minor issue — in this case, a single set of compromised VPN credentials — can lead to a full-scale corporate crisis with tremendous impact to the bottom line.

    The Attack: A Combination of Reconnaissance and Ransomware

    The Ignoble Scorpius attack began with a voice phishing (vishing) call. The attacker impersonated the company’s IT help desk and tricked an employee into entering their legitimate VPN credentials on a phishing site.

    With these credentials, the threat actor gained initial network access and immediately escalated their privileges. They executed a DCSync attack on a domain controller to steal highly privileged credentials, including a key service account. Using these compromised credentials, they moved laterally across the network using RDP and SMB, employing tools like Advanced IP Scanner and SMBExec to map the network and identify high-value targets.
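    One way to detect the DCSync step described above, as an added example (not Unit 42's tooling and not part of the original post). It assumes Directory Service Access auditing is enabled so that domain controllers log Event ID 4662, and that events arrive as JSON lines with AccessMask as a hex string; all account names, host names and timestamps are constructed.

```python
import json

# Control-access-right GUIDs for AD replication, as they appear in 4662 "Properties".
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # AccessMask bit set when an extended right is exercised


def find_dcsync(lines, replication_principals):
    """Flag 4662 events where an account outside the allowlist used replication rights."""
    # replication_principals: accounts expected to replicate (DC machine accounts etc.).
    allowed = {p.lower() for p in replication_principals}
    alerts = []
    for raw in lines:
        try:
            ev = json.loads(raw)
            mask = int(str(ev.get("AccessMask", "0")), 16)
        except (ValueError, AttributeError):
            continue  # malformed line or non-object JSON: skip, keep processing
        if ev.get("EventID") != 4662 or not mask & CONTROL_ACCESS:
            continue
        props = str(ev.get("Properties", "")).lower()
        rights = sorted(name for guid, name in REPL_RIGHTS.items() if guid in props)
        user = str(ev.get("SubjectUserName", ""))
        if rights and user.lower() not in allowed:
            alerts.append({"time": ev.get("TimeCreated"), "dc": ev.get("Computer"),
                           "user": user, "rights": rights})
    return alerts


# Constructed sample events (field names follow the 4662 schema; values are invented).
SAMPLE_EVENTS = [
    '{"EventID": 4662, "TimeCreated": "2025-01-01T02:10:00Z", "Computer": "DC01", '
    '"SubjectUserName": "DC02$", "AccessMask": "0x100", '
    '"Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"}',
    '{"EventID": 4662, "TimeCreated": "2025-01-01T02:14:31Z", "Computer": "DC01", '
    '"SubjectUserName": "vpn.user", "AccessMask": "0x100", '
    '"Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}',
    '{"EventID": 4662, "TimeCreated": "2025-01-01T02:15:00Z", "Computer": "DC01", '
    '"SubjectUserName": "helpdesk1", "AccessMask": "0x10", '
    '"Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"}',
    '{"EventID": 4624, "SubjectUserName": "vpn.user"}',
    'not json',
]

if __name__ == "__main__":
    for alert in find_dcsync(SAMPLE_EVENTS, {"DC01$", "DC02$"}):
        print(alert)
```

    The allowlist has to include every account that legitimately replicates, such as directory-synchronization service accounts, or the rule will alert on normal operation.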

    The attackers established persistence by deploying AnyDesk and a custom RAT on a domain controller, configured as a scheduled task to survive reboots. (It is important to note that threat actors often abuse and take advantage of legitimate products like AnyDesk for malicious purposes. We are not implying that the legitimate product is flawed.)

    The attackers then compromised a second domain controller, extracting the NTDS.dit database containing all user password hashes, and exfiltrated over 400 GB of data using a renamed rclone utility. To cover their tracks, the threat actors deployed CCleaner to erase forensic evidence before unleashing the final blow: BlackSuit ransomware, orchestrated through Ansible, simultaneously encrypted hundreds of virtual machines across approximately 60 VMware ESXi hosts, disrupting operations across the entire infrastructure.

    How Unit 42 Helped

    When Unit 42 was engaged, we helped the client expand their Cortex XDR deployment from 250 to over 17,000 endpoints, providing enterprise-wide visibility to track the attacker’s every move. We also leveraged Cortex XSOAR to automate containment actions, stopping the attack from spreading further.

    Our investigation identified the full attack path and led to several critical recommendations, including:

    • Network Security: Replace end-of-life Cisco ASA firewalls with Next-Generation Firewalls (NGFW), implement network segmentation, and restrict administrative access to critical systems (like DCs and ESXi hosts) to dedicated management VLANs.
    • Identity and Access Management: Enforce MFA for all remote access, disable NTLM or require EPA, rotate all credentials, and restrict service accounts from being used for interactive logons like RDP.
    • Endpoint and Server Hardening: Block EFSRPC using RPC filters to prevent PetitPotam/DCSync attacks, deploy and maintain a fully patched XDR solution on all endpoints, and have a strict policy for removing EOL systems.
    • Logging and Monitoring: Enhance log retention to 90-plus days for critical sources (ESXi, firewalls, Nasuni), ensure logs are properly parsed for effective analysis, and enable features like AWS CloudTrail log validation.

    The Outcome

    The client was able to achieve several key outcomes:

    • Financial demand negated: We successfully negated the $20 million ransom demand, ensuring the client paid no ransom.
    • Expanded visibility: The engagement expanded the client’s endpoint visibility from 250 to over 17,000, creating a robust foundation for future security operations.
    • Strategic guidance: We provided bespoke, strategic after-incident guidance, helping the client fortify their defenses and prevent future attacks.
    • Continuous monitoring: Following the incident, the client onboarded Unit 42 Managed Detection and Response (MDR) services for continuous monitoring, ensuring they are better prepared to handle future threats.

    The Takeaway

    This attack serves as a stark reminder that even a single compromised credential can create a domino effect, leading to a catastrophic security breach. The swift and sophisticated tactics of threat actors like Ignoble Scorpius and their use of BlackSuit ransomware demonstrate the critical need for a proactive and multi-layered defense strategy.

    By implementing MFA on all remote access points, and integrating robust endpoint visibility, automated containment, and expert guidance, organizations can not only disrupt an attack in progress but also shore up their defenses to prevent future incidents. Most importantly, investments in proactive security assessments have been shown to pay dividends that far outweigh the operational and financial costs of a full-scale ransomware attack.

    Interested in learning more about the latest attack trends? If so, take a look at our 2025 Unit 42 Global Incident Response Report, which distills the most critical findings based on our direct experience responding to real-world cyberattacks at over 500 organizations across 38 countries.

    About Unit 42

    Unit 42 strengthens your team with the tools and expertise needed to stay ahead of threats like BlackSuit ransomware and protect your business. With our proven strategies and insights from thousands of engagements, we’ll help your team handle the toughest situations with confidence.

  • Samsung officially teases Moohan headset launch for next week

    Samsung is finally about to reveal more details about its Project Moohan mixed reality headset. The company just announced a new “Worlds Wide Open” Galaxy event that will take place on October 21st at 10PM ET, where it’s promising to reveal…

  • Samsung will introduce its Android XR headset at a Galaxy event on October 21

    Samsung is back with another event this fall, which it has dubbed Worlds Wide Open. The company said that it will use this opportunity to officially unveil its Android XR headset, internally known as Project Moohan. The livestreamed event will…

  • NVIDIA DGX Spark Arrives for World’s AI Developers

    SANTA CLARA, Calif., Oct. 14, 2025 — NVIDIA has announced it will start shipping NVIDIA DGX Spark, the world’s smallest AI supercomputer. AI workloads are quickly outgrowing the memory and software capabilities of the PCs, workstations…

  • Walmart was the Dow’s biggest gainer today, thanks to shopping partnership with OpenAI

    By Bill Peters

    Collaboration will help Walmart gain a bigger technological edge and stand out as retailers try to win over cautious consumers, one analyst says

    A new partnership will let consumers buy items sold at Walmart through OpenAI’s ChatGPT and Instant Checkout.

    Walmart Inc. was the Dow Jones Industrial Average’s top percentage gainer on Tuesday and closed at a record high, after the big-box chain announced a partnership that will soon allow customers to buy items at the retailer through OpenAI’s artificial-intelligence chatbot ChatGPT.

    Shares of Walmart (WMT) finished 4.9% higher on Tuesday.

    The partnership between the retail bellwether and OpenAI will let customers and members buy items sold at Walmart through ChatGPT and Instant Checkout, a shopping tool OpenAI introduced late last month.

    In a statement, Walmart Chief Executive Doug McMillon – who said last month that it was “very clear that AI is going to change literally every job” – said the move marked a bigger shift in online shopping.

    “For many years now, e-commerce shopping experiences have consisted of a search bar and a long list of item responses,” he said. “That is about to change. There is a native AI experience coming that is multimedia, personalized and contextual.”

    AI assistants and other uses of the technology have become more common in e-commerce. A recent Adobe survey of 5,000 U.S. consumers found that more than one-third said they used an AI service to help them with online shopping.

    Walmart made the announcement as shoppers continue to struggle with higher prices – and increasingly turn to mass retailers for relief – and as retailers navigate the U.S.-led trade war. Meanwhile, concerns have grown about the astronomical costs to develop AI, as well as consumers’ willingness to pay for it.

    Walmart already uses AI in things like customer service and clothing design. UBS analyst Michael Lasser, in a note on Tuesday, said Walmart’s announcement underscored the retailer’s ability to keep pace with trends in technology and shopping.

    “Thus, this should provide incrementality and differentiation vs. the rest of retail,” he said.

    D.A. Davidson’s Michael Baker, in a note on Tuesday, was also upbeat about the move.

    “This supports our view that Walmart will be a winner among traditional retailers in the agentic commerce race,” he said, referring to the digital AI “agents” designed to help humans with tasks.

    Jefferies analyst Corey Tarlowe said the announcement “positions Walmart at the forefront of AI-driven retail,” and would make shopping easier while boosting the chain’s sales and margins.

    When OpenAI announced Instant Checkout last month, it said U.S. ChatGPT users would be able to make in-chat purchases from domestic Etsy Inc. (ETSY) merchants, with products from sellers on Shopify Inc. (SHOP) to be made available later. At the time, it said shoppers could make single-item purchases on Instant Checkout, with multi-item purchases set to follow.

    Shares of Walmart are up 18.7% so far this year.

    -Bill Peters

    This content was created by MarketWatch, which is operated by Dow Jones & Co. MarketWatch is published independently from Dow Jones Newswires and The Wall Street Journal.

    (END) Dow Jones Newswires

    10-14-25 1840ET

    Copyright (c) 2025 Dow Jones & Company, Inc.

  • Why Do Women Outlive Men? Evolution’s Secret Revealed Across 1,000 Species – SciTechDaily

    1. Why Do Women Outlive Men? Evolution’s Secret Revealed Across 1,000 Species  SciTechDaily
    2. Why do women live longer than men? A study offers clues to close the gap  NPR
    3. Why do so many female animals live longer than males? New research  The…

  • Ditch ‘shrink it and pink it’ women’s trainer design, say experts | Women

    Sports footwear manufacturers are being urged to ditch the “shrink it and pink it” approach when it comes to women’s running shoes.

    Over the past five decades, brands have invested billions of dollars into the development of trainers that…

  • Poopular Science: AI toilets get to the bottom of your gut health

    Your morning poop can be a window into your well-being — if you know what to look for. Thanks to technology, that closer look can now be automated. From AI-powered apps analysing stool colour, shape, and consistency to detect potential…

  • 175+ CVEs, 3 under attack • The Register

    Spooky season is in full swing, and this extends to Microsoft’s October Patch Tuesday with security updates for a frightful 175 Microsoft vulnerabilities, plus an additional 21 non-Microsoft CVEs. And even scarier than the sheer number of bugs:…

  • AECOM recommits four more years to supporting Great Barrier Reef’s resilience

    BRISBANE (October 15 2025) — AECOM, the trusted global infrastructure leader, today announced it has recommitted to its partnership with the Great Barrier Reef Foundation and will provide in-kind advisory and technical consulting services aimed at finding tangible Reef restoration and resilience solutions over four more years. This builds on AECOM’s long-standing commitment to the Reef, which began in 2018 when work for the Foundation commenced. It led to a formalised partnership in 2022 and AUD$1 million of in-kind support provided over the three successful years since. 

    AECOM has supported several projects for the Great Barrier Reef Foundation, including its Resilient Reefs Initiative, Roads to Reef Initiative, Reef Islands Initiative and Blue Carbon Program. 

    “It’s an honour to recommit AECOM to another successful four years of using our specialist water and environmental advisory skills for good; delivering practical solutions to help sustain our Reef ecosystems for generations, a commitment to our purpose of delivering a better world,” said Mark McManamny, chief executive of AECOM’s Australia and New Zealand region. “The goal of AECOM’s Sustainable Legacies strategy is straightforward; leave a lasting positive impact on our communities and our planet, and this continued partnership is the embodiment of that ambition.” 

    “The Great Barrier Reef Foundation has worked with AECOM to build the resilience of coral reefs across four iconic world heritage sites, improve water quality outcomes on the Great Barrier Reef, and explore nature-based solutions such as blue carbon,” said Anna Marsden, managing director of the Great Barrier Reef Foundation. “We are delighted to continue this powerful partnership, which in this next phase will focus on prioritising large-scale coastal ecosystem protection and restoration. AECOM’s specialist skills and industry expertise will be vital in helping us achieve our future aims and address the most complex and challenging problems facing the Great Barrier Reef’s survival.” 

    Roads to Reef Initiative 

    Roads to Reef has been the primary initiative over the past three years of partnership. AECOM road and water engineers, along with resilience advisors, have been working with the Great Barrier Reef Foundation and Local Government Association Queensland. The aim has been to develop decision-support tools to identify areas at high risk of unsealed road erosion within the Reef catchment, thereby helping to minimise water quality impacts. AECOM specialists have undertaken hydrologic and GIS modelling across thousands of kilometres of unsealed roads and drainage paths throughout the entire Reef catchment.  

    Key outcomes: 

    • Developed the first comprehensive model estimating how much fine sediment runoff from the entire unsealed road network is draining into the Great Barrier Reef lagoon.  
    • Delivered the first model demonstrating that unsealed roads can contribute a significant portion of fine sediment runoff per unit area. 
    • Created a framework to test future interventions, including nature-based solutions, aimed at reducing sediment runoff from unsealed roads, supporting local governments and other road management authorities in securing funding for these interventions. 

    Reef Islands Initiative  

    Reef Islands Initiative is the primary initiative within the recommitted partnership. AECOM environmental advisors are supporting the Great Barrier Reef Foundation to develop a prioritisation process that would action multi-habitat restoration activity on and around the Great Barrier Reef islands. Advice is being provided on terrestrial and marine ecosystem restoration opportunities, supporting increased biodiversity and resilience, and First Nations and community partnerships. 

    Resilient Reefs Initiative 

    AECOM’s partnership with the Great Barrier Reef Foundation builds upon its successful foundational collaboration on the Resilient Reefs Initiative that commenced in 2018. AECOM helped build reef resilience across UNESCO World Heritage-listed coral reefs, working with stakeholders on actionable resilience strategies. AECOM environmental advisors provided support for the release of the Ningaloo Coast, Rock Islands of Palau, Belize Barrier Reef Reserve System and the Lagoons of New Caledonia reef resilience strategies. 

    Key outcomes: 

    • Delivered the first fully integrated and transferable model, with priority actions and funding allocations, for building resilience of both coral reefs and the communities that depend on them, from planning to implementation. 

    Blue Carbon Program 

    AECOM and the Great Barrier Reef Foundation are developing a white paper to discuss unlocking existing regulatory barriers that prevent blue carbon projects in the Great Barrier Reef catchments. Blue carbon projects refer to conservation, restoration and management efforts that enhance coastal and marine ecosystems like mangroves, seagrass and saltmarsh to sequester and store carbon. The paper is intended to advocate for blue carbon-focused, nature-based solutions within regulatory frameworks as legitimate alternatives to traditional engineering solutions. It seeks to streamline the approvals process for these efforts and provide evidence of their value. 

    About AECOM  

    AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients’ complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at aecom.com.  

    About the Great Barrier Reef Foundation 

    The Great Barrier Reef Foundation is creating a future for the world’s coral reefs by restoring reefs and coastal habitats and helping them adapt to the impacts of climate change. We’ve built a collaborative organisation to raise funds, invest in innovative ideas and design real-world, scalable conservation programs that are delivering breakthroughs in marine and terrestrial restoration. Walking in step with First Nations people and front-line communities, the Foundation is fast-tracking and deploying solutions around the world. 
