…we determined that the host that had installed the Huntress agent was, in fact, malicious. We wanted to serve the broader community by sharing what we learned about the tradecraft that the threat actor was using in this incident. In deciding what information to publish about this investigation, we carefully considered several factors, like strictly upholding our privacy obligations, as well as disseminating EDR telemetry that specifically reflected threats and behavior that could help defenders.
https://www.huntress.com/blog/rare-look-inside-attacker-operation archived at https://archive.ph/viu8w
Re: Kaspersky, allegedly: https://www.kaspersky.co.uk/blog/kaspersky-in-the-shitstorm/11926/