In 2020 Toll Group went twice through a ransomware attack, now Sophos which acted as a response and investigation team for the events, announces that the entry point was an account of an employee who died but remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the report by Sophos, the Nefilim group responsible for the infidelity attack that was on the company’s network for about a month without the defense systems identifying suspicious activity, the user used by the attack group belonged to a deceased employee but his account was locked/deleted due to being integrated into various services.
Read more about Examples and Numbers of Social Engineering attacks ›
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
Beyond the Search Bar: Methodological OSINT in 2026
In the early days of Open-Source Intelligence (OSINT), the discipline was often defined by the "tool-first" mentality. Success was measured by the size of one’s bookmark folder or the obscurity of a specific Python script. However, as we move through 2026, the...
2026 Cyber Forecast: The Rise of “Super-Malware” and Deep Infrastructure Sieges
As we close out 2025, the threat landscape has shifted from opportunistic attacks to highly engineered, systemic campaigns. The final quarter of this year gave us two "canary in the coal mine" moments—the financial industrialization of GoldFactory and the deep...
Critical Alert: Sophisticated Impersonation Campaign Targets 150+ Organizations
As reported by the Microsoft Threat Intelligence Center (MSTIC), we are currently witnessing a new, high-volume wave of sophisticated spear-phishing attacks. This campaign marks a significant escalation in nation-state tradecraft for the 2026 threat landscape....