Cybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own-vulnerable-driver (BYOVD) attack. First observed in July 2022, Qilin employs double extortion tactics, exfiltrating data for leakage on dedicated sites if ransoms remain unpaid, […]
The post Qilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security Measures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform