An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […]
The post LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender appeared first on Security Affairs.
This article has been indexed from Security Affairs
Read the original article: