A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunderNTLMv2 hashesfrom compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. “In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang’s