LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

2 August 2022

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server.

Read full article on The Hacker News

Date:

2 August 2022

Categorie(s):

NEWS

Tag(s):

IT, News, Payloads, Ransomware, Windows Defender

Google’s Gemini AI Chatbot Keeps Telling Users to Die16 November 2024
Cybersecurity Flaws in US Drinking Water Systems Put 26 Million at Risk16 November 2024
High Performance Software Defined Receivers16 November 2024
Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist16 November 2024
Rust haters, unite! Fil-C aims to Make C Great Again16 November 2024