Cybereason reported its discoveries to the client, which then used both Windows Group Policy Object (GPO) and Cybereason’s execution prevention feature, which blocks PowerShell execution. But the attacker didn’t give up: the group adapted, initially concentrating on its own custom and stealthy backdoors.
Read full news article on SecurityWeek