LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender | allinfosecnews.com

Aug. 2, 2022, 12:30 p.m. | Pierluigi Paganini

Security Affairs securityaffairs.co

An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […]

The post LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender appeared first on Security Affairs.

affiliate breaking news cobalt cobalt strike cyber crime cybercrime defender hacking hacking news information security news it information security lockbit lockbit 3.0 malware pierluigi paganini raas strike windows windows defender

More from securityaffairs.co / Security Affairs

North Korea-linked APT groups target South Korean defense contractors 10 hours ago | securityaffairs.co

agency andariel apt apt groups +29

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity 21 hours ago | securityaffairs.co

business commercial commercial spyware department +19

A cyber attack paralyzed operations at Synlab Italia 22 hours ago | securityaffairs.co

april attack breaking news cyber +15

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw 1 day, 8 hours ago | securityaffairs.co

apt apt28 blizzard breaking news +24

Hackers threaten to leak a copy of the World-Check database used to assess potential risks … 1 day, 16 hours ago | securityaffairs.co

breaking news check claims copy +27

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities 1 day, 19 hours ago | securityaffairs.co

argument capabilities conversion dos +17

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites 1 day, 22 hours ago | securityaffairs.co

breaking news cert dev file +16

Akira ransomware received $42M in ransom payments from over 250 victims 2 days, 9 hours ago | securityaffairs.co

advisory akira akira ransomware breached +29

DuneQuixote campaign targets the Middle East with a complex backdoor 2 days, 13 hours ago | securityaffairs.co

backdoor breaking news campaign dropper +19

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Director, Data Security Lead

@ Mastercard | London, England (Angel Lane)

View on infosec-jobs.com

Security Officer L1

@ NTT DATA | Texas, United States of America

View on infosec-jobs.com

Sr. Staff Application Security Engineer

@ Aurora Innovation | Seattle, WA

View on infosec-jobs.com

Senior Penetration Testing Engineer

@ WPP | Chennai

View on infosec-jobs.com

Cyber Security - Senior Software Developer in Test

@ BlackBerry | Bengaluru, Residency Road

View on infosec-jobs.com