Hackers use Windows Defender tool to install ransomware

Hackers have used a Windows Defender tool to deploy LockBit 3.0 ransomware on a system without being detected. SentinelOne, an American computer security company, investigated the incident.

The attackers entered a server through a vulnerability in the Log4j logging library. They then ran a number of commands in PowerShell, including the use of Windows Defender’s MpCmdRun.exe command-line tool to set up a so-called Cobalt Strike ‘beacon’.
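The chain described above can be hunted for in process-creation telemetry. The following Python is an added example, not code from SentinelOne or the original article: it walks constructed Sysmon-style process-creation events and flags MpCmdRun.exe launches that descend from PowerShell, raising the severity when a Java process (assumed here to be the host of Log4j) sits further up the tree. The event values and the helper names `ev`, `name`, `ancestors` and `detect` are assumptions made for illustration.

```python
import ntpath

# Constructed sample events shaped like Sysmon Event ID 1 (process creation);
# GUIDs, paths and command lines are made up for illustration.
def ev(guid, parent, image, cmd):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent,
            "Image": image, "CommandLine": cmd}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MP = r"C:\Program Files\Windows Defender\MpCmdRun.exe"
EVENTS = [
    ev("g1", "g0", r"C:\Program Files\Java\bin\java.exe", "java -jar app.jar"),
    ev("g2", "g1", PS, "powershell.exe <constructed>"),
    ev("g3", "g2", MP, "MpCmdRun.exe <constructed>"),
    ev("g4", "g0", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ev("g5", "g4", MP, "MpCmdRun.exe -SignatureUpdate"),
    ev("g6", "g0", r"C:\Windows\explorer.exe", "explorer.exe"),
    ev("g7", "g6", PS, "powershell.exe"),
    ev("g8", "g7", MP, "MpCmdRun.exe -SignatureUpdate"),
]

SHELLS = {"powershell.exe", "pwsh.exe"}
JAVA = {"java.exe", "javaw.exe"}  # assumption: Log4j runs inside a Java process

def name(path):
    return ntpath.basename(path).lower()

def ancestors(event, by_guid):
    """Yield parent, grandparent, ...; stop at a missing parent or a loop."""
    seen = {event["ProcessGuid"]}
    guid = event["ParentProcessGuid"]
    while guid in by_guid and guid not in seen:
        seen.add(guid)
        yield by_guid[guid]
        guid = by_guid[guid]["ParentProcessGuid"]

def detect(events):
    """Flag MpCmdRun.exe launches that descend from PowerShell."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e["Image"]) != "mpcmdrun.exe":
            continue
        chain = [name(a["Image"]) for a in ancestors(e, by_guid)]
        if not SHELLS.intersection(chain):
            continue  # e.g. a service-initiated signature update
        severity = "high" if JAVA.intersection(chain) else "medium"
        alerts.append({"guid": e["ProcessGuid"], "severity": severity, "chain": chain})
    return alerts
```

On the constructed events, the Java-rooted launch is rated high, while an administrator running the tool from an interactive PowerShell session is rated medium and needs triage rather than automatic blocking.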

Cobalt Strike is legitimate software for system and network penetration testing, but hackers now use it to set up a beacon, which allows malware to be uploaded to a server. In this case, the malware was LockBit 3.0 ransomware, which encrypts the victim's files and demands a ransom in cryptocurrency.

It’s not the first time that LockBit 3.0 attackers have abused legitimate software: VMware’s own command-line interface has already been used as well.

MpCmdRun.exe in the Command Prompt.

