Group Policy Under Attack
Group Policy is a powerful and core capability of Microsoft Active Directory. While it is a vital tool for IT and cybersecurity professionals, it is increasingly a key target of cybercriminals. Indeed, threat intelligence firm Mandiant has outlined a five-phase playbook that threat actors are actively using to conduct both espionage and disruptive operations — and an entire step of the playbook is devoted to abuse of Group Policy!
This white paper analyzes exactly how Group Policy is being misused by adversaries, based on the research of IT security experts into real cyberattacks. Then it explores the specific factors that make Group Policy an attractive target. Finally, it reveals the key strategies organizations need to adopt to defend their Group Policy — and their business.