Web: https://thehackernews.com/2022/08/lockbit-ransomware-abuses-windows.html

Aug. 2, 2022, 8:07 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. 
According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server.
"Once initial

cobalt cobalt strike defender lockbit lockbit ransomware payload ransomware windows windows defender

Sr. Security Consultant for Aerospace & Satellite Professional Services , Aerospace & Satellite Professional Services

@ Amazon.com | US, FL, Virtual Location - Florida

Cyber Threat Intelligence (CTI) Analyst

@ XOR Security | Alexandria, VA

SC2022-002063 Cyber Security Incident Investigator (NS) - TUE 30 Aug Relaunch

@ EMW, Inc. | Mons, Wallonia, Belgium

Senior SOC Analyst

@ XOR Security | Alexandria, VA

Cyber Protect Expert Engineer

@ Acronis | Bucharest, Bucharest, Romania

Senior Consultant, PCI QSA | Remote US

@ Coalfire | Denver, CO