Wired reports on strong Russian interest in the Windows credential-dumping tool Mimikatz:
In early 2012, Delpy was invited to speak about his Windows security work at the Moscow conference Positive Hack Days. He accepted—a little naively, still thinking that Mimikatz’s tricks must have already been known to most state-sponsored hackers. But even after the run-in with the man in his hotel room, the Russians weren’t done. As soon as he finished giving his talk to a crowd of hackers in an old Soviet factory building, another man in a dark suit approached him and brusquely demanded he put his conference slides and a copy of Mimikatz on a USB drive.
Delpy complied. Then, before he’d even left Russia, he published the code open source on GitHub, both fearing for his own physical safety if he kept the tool’s code secret and figuring that if hackers were going to use his tool, defenders should understand it too.
As the use of Mimikatz spread, Microsoft in 2013 finally added the ability in Windows 8.1 to disable WDigest, neutering Mimikatz’s most powerful feature. By Windows 10, the company would disable the exploitable function by default.
But Rendition’s Williams points out that even today, Mimikatz remains effective on almost every Windows machine he encounters, either because those machines run outdated versions of the operating system, or because he can gain enough privileges on a victim’s computer to simply switch on WDigest even if it’s disabled.
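The WDigest setting the article refers to can be audited and pinned from the defender's side. The following is an added example, not code from the Wired piece or from Mimikatz; it assumes Windows PowerShell 5.1 or later, an elevated shell for the -Enforce switch, and Microsoft's documented WDigest registry value UseLogonCredential (0 = plaintext credentials are not kept in LSASS memory):

```powershell
# Added example: report, and optionally enforce, the WDigest plaintext-credential setting.
# Run elevated when using -Enforce. Not part of the original article.
param([switch]$Enforce)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$name = 'UseLogonCredential'

# Windows 8.1 / Server 2012 R2 (NT 6.3) and later treat a missing value as "off".
# Older builds keep WDigest on unless KB2871997 is installed and the value is set to 0.
$os     = [Environment]::OSVersion.Version
$modern = ($os.Major -gt 6) -or ($os.Major -eq 6 -and $os.Minor -ge 3)

$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

$state = if ($null -eq $current) {
    if ($modern) { 'disabled (platform default)' } else { 'ENABLED (pre-8.1 default, no explicit value)' }
} elseif ($current -eq 0) {
    'disabled (explicitly set to 0)'
} else {
    # A value of 1 on a modern build is exactly the "switch WDigest back on" case from the article.
    'ENABLED (explicitly set to 1; verify who changed it)'
}

"WDigest plaintext credential caching: $state"

if ($Enforce -and $state -notlike 'disabled*') {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    "Set $name = 0. Credentials already cached for logged-on sessions remain until those users log off or the host reboots."
}
```

Because the setting is a single registry value, the matching detection is a registry write alert on that key (for example Sysmon Event ID 13, RegistryEvent Value Set) so that a re-enablement of WDigest is flagged rather than found later by the attacker's success.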