Mandiant cybersecurity experts: The APT (aka UNC2452) also shows two distinct clusters of activity, UNC3004 and UNC2652.
PetitPotam lets attackers gain control of an entire Windows domain. It was discovered by the cybersecurity researcher topotam. It coerces machine account authentication via MS-EFSRPC.
PetitPotam is a new kind of attack that coerces machine account authentication via MS-EFSRPC and, as a consequence, allows the takeover of an entire Windows domain. It was discovered by the cybersecurity expert topotam. The researcher released a PoC script on GitHub to explain how it works. MS-EFSRPC is the Microsoft Encrypting File System Remote Protocol, which is used for maintenance and management operations on encrypted data that is stored remotely and accessed over a network.