A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused on evading detection.
A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory.
The files pointed to a broader framework focused on evading detection. The environment contained Cobalt Strike profiles designed to disguise beacon traffic as legitimate web requests, a Telegram-based system, and other tools for testing evasion.