August 14, 2024 Ransomware attackers introduce new EDR killer to their arsenal Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks Threat Research
March 04, 2024 It’ll be back: Attackers still abusing Terminator tool and variants First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions Threat Research
December 13, 2022 Signed driver malware moves up the software trust chain The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate WHCP certificate Security OperationsThreat Research