This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction: Perimeter devices such …
In the face of increasingly vigilant security teams and adept defense tools, attackers are continually looking for new ways to circumvent network security …
This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living off the land techniques to infect target networks and move towards its ultimate goals, data …
In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
Social Engineering in… This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2024. Darktrace’s Self-Learning AI ensured the customer was …
Across an ever-changing cyber landscape, it is commonplace for threat actors to actively identify and exploit newly discovered vulnerabilities within commonly utilized services and applications. While attackers …
This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.
Introduction: Across an ever-changing cyber …
In May 2023, Kroll Cyber Threat Intelligence Analysts identified CACTUS as a new ransomware strain that had been actively targeting large commercial organizations since March 2023 …
This blog examines CACTUS, a relatively new strain of ransomware that first appeared in the threat landscape in March 2023. In November 2023, Darktrace detected CACTUS ransomware on a US …
This blog explores Darktrace’s detection of Balada Injector, a malware known to exploit vulnerabilities in WordPress to gain unauthorized access to networks. Darktrace was able to define numerous use-cases within …
This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a …
Throughout 2023, the Darktrace Threat Research team identified and investigated multiple strains of loader malware affecting customers across its fleet. These malicious programs typically serve …
This blog details Darktrace’s investigation into the Pikabot loader malware, observed across multiple customers in 2023. In an October 2023 incident, Darktrace identified Pikabot employing new tactics that may have …
While email has long been the vector of choice for carrying out phishing attacks, threat actors, and their tactics, techniques, and procedures (TTPs), are continually adapting and …
This blog discusses an example of a malicious actor utilizing the cloud storage service Dropbox in order to carry out a phishing attack against a Darktrace customer. Thanks to Darktrace/Email …
In October 2023, the network of a Darktrace customer was targeted with ALPHV, or BlackCat, ransomware. An investigation into the attack revealed the usage of methods associated with the Nitrogen …
Quasar is a legitimate remote administration tool that has become popular among threat actors due to its range of capabilities and availability in open source. This blog details how Darktrace …
In this blog we discuss Gootloader, a popular loader malware variant that was observed affecting a Darktrace customer in late 2023. Darktrace was able to identify and contain the suspicious …
This blog explores a series of CoinLoader compromises observed by Darktrace in late 2023. CoinLoader is a loader malware known to carry out cryptocurrency mining on infected devices. Darktrace’s autonomous …