Tuesday, August 2, 2022

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial
http://dlvr.it/SVwbym
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Exploitation of vulnerabilities affecting Cisco Firewall... - NCSC.GOV.UK - National Cyber Security Centre

Exploitation of vulnerabilities affecting Cisco Firewall... - NCSC.GOV.UK  National Cyber Security Centre http://dlvr.it/T65k1P