Valid credentials used in attack

Managed services provider, Advanced, has confirmed its systems were attacked with ransomware, compromising customer data. The attackers gained access via third-party credentials and then used an RDP session to infect the Citrix server of Staffplan – an app widely used in the care sector. The attack took seven NHS and other medical applications offline, affecting around 79,000 of Advanced’s 25,000 customers.