February 23, 2024

ConnectWise ScreenConnect attacks deliver malware

Multiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environments

Threat Research

May 18, 2023

The Phantom Menace: Brute Ratel remains rare and targeted

The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.

Threat Research

June 15, 2022

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

Attacker targets bugs in a popular web application graphical interface development tool

Security OperationsThreat Research

June 07, 2022

The Active Adversary Playbook 2022

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

Security OperationsThreat Research

February 28, 2022

Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits

An unpatched Microsoft Exchange Server let both ransomware actors in; Karma just stole data, while Conti encrypted.

Threat Research

January 19, 2022

Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike

Security Operations

August 05, 2021

“Cobalt Strike” network attack tool patches crashtastic server bug

Ahhhh, the irony! Red-team network attack tool has its very own bug for Blue Teams to counterexploit.

Naked Security

May 11, 2021

A defender’s view inside a DarkSide ransomware attack

What to expect when you're targeted by a headline-seeking threat actor

SophosLabs UncutThreat Research

May 07, 2021

New Lemon Duck variants exploiting Microsoft Exchange Server

SophosLabs UncutThreat Research