Source |
Tech Worm |
Identifiant |
6036198 |
Date de publication |
2022-07-30 14:53:14 (vue: 2022-07-30 15:06:11) |
Titre |
LockBit Operators Abusing Microsoft Defender To Load Cobalt Strike Beacon |
Texte |
>Researchers from the cybersecurity company, SentinelOne have discovered that Microsoft's Windows Defender is being abused by a threat actor associated with the LockBit 3.0 ransomware operation to load Cobalt Strike beacons onto potentially compromised systems and evade EDR and AV detection tools. The researchers found that Microsoft Defender's command line tool “MpCmdRun.exe” was abused to […]
|
Envoyé |
Oui |
Condensat |
>researchers abused abusing actor associated beacon beacons being cobalt command company compromised cybersecurity defender detection discovered edr evade exe” found from have line load lockbit microsoft onto operation operators potentially ransomware researchers sentinelone strike systems threat tool tools windows “mpcmdrun |
Tags |
Ransomware
Tool
Threat
|
Stories |
|
Notes |
|
Move |
|