Thoma Bravo Announces Offer to Acquire Darktrace plc
Learn more
Platform
Products
/ NETWORK
Proactive protection
/ EMAIL
Cloud-native AI security
/ CLOUD
Complete cloud coverage
/ OT
Comprehensive risk management
/ IDENTITY
360° user protection
/ ENDPOINT
Coverage for every device
/ Proactive Exposure Management
/ Attack Surface Management
/ Incident Readiness & Recovery
Cyber AI Analyst
Investigates every alert like a human analyst, at the speed and scale of AI
Darktrace Services
Maximize your security investments with 24/7 expert support and incident management from our global SOC team.
AI Research Centre
Resources
Customers
Blog
Events
Inside the SOC
The Inference
Glossary
All resources
White paper
Half Year Threat Report 2024
Company
Careers
Leadership
News
Federal
Investors
Academy
Legal
About us
Contact
Partners
Overview
Partner Portal
Technology Partners
Integrations
Featured Partners
Microsoft
AWS
Mclaren
Products
Overview
/ NETWORK
Proactive protection
/ EMAIL
Cloud-native AI security
/ CLOUD
Complete cloud coverage
/ OT
Defend critical systems
/ IDENTITY
360° user protection
/ ENDPOINT
Coverage for every device
/Proactive Exposure Management
/Attack Surface Management
/Incident Readiness & Recovery
Cyber AI Analyst
Services
AI Research Centre
Resources
All Resources
Customers
Blog
Events
The Inference
Inside the SOC
Glossary
Company
About us
Contact
Careers
Leadership
News
Federal
Academy
Legal
Partners
Overview
Partner Portal
Technology Partners
Become a Partner
Integrations
Microsoft
AWS
Mclaren
Get a demo
Get a demo
Darktrace Blog
Inside the SOC
A series exclusively authored by Darktrace's expert cyber analysts, containing technical deep dives of cyber incidents and the latest threat trends.
Latest Blog Posts
Phishing and persistence: Darktrace’s role in defending against a sophisticated account takeover
In a recent incident, Darktrace uncovered a M365 account takeover attempt targeting a company in the manufacturing industry. The attacker executed a sophisticated phishing attack, gaining access through the organization’s SaaS platform. This allowed the threat actor to create a new inbox rule, potentially setting the stage for future compromises.
Lifting the Fog: Darktrace’s Investigation into Fog Ransomware
In early May 2024, Fog ransomware was first observed in the wild, seemingly targeting US-based educational organizations. Read on to find out about Darktrace’s investigation into this novel ransomware threat.
Decrypting the Matrix: How Darktrace Uncovered a KOK08 Ransomware Attack
In May 2024, a Darktrace customer was affected by KOK08, a ransomware strain commonly used by the Matrix ransomware family. Learn more about the tactics used by this ransomware case, including double extortion, and how Darktrace is able to detect and respond to such threats.
A Busy Agenda: Darktrace’s Detection of Qilin Ransomware-as-a-Service Operator
This blog examines the tactics, techniques and procedures associated with the notorious Ransomware-as-a-Service operator Qilin. Darktrace’s Threat Research team investigated several examples of Qilin actors targeting Darktrace customers between 2022 and 2024.
The Price of Admission: Countering Stolen Credentials with Darktrace
This blog examines a network compromise that stemmed from the purchase of leaked credentials from the dark web. Credentials purchased from dark web marketplaces allow unauthorized access to internal systems. Such access can be used to exfiltrate data, disrupt operations, or deploy malware.
Stemming the Citrix Bleed Vulnerability with Darktrace’s ActiveAI Security Platform
This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2023. Darktrace’s Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.
Don’t Take the Bait: How Darktrace Keeps Microsoft Teams Phishing Attacks at Bay
In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
Lost in Translation: Darktrace Blocks Non-English Phishing Campaign Concealing Hidden Payloads
This blog explores how Darktrace/Email was able to successfully identify a wave of phishing emails sent from addresses belonging to a major fast-food chain which were leveraged in a coordinated attack. Despite the use of non-English language emails and payloads hidden behind QR codes, Darktrace was able to detect the attack and block the phishing emails in the first instance.
Connecting the Dots: Darktrace’s Detection of the Exploitation of the ConnectWise ScreenConnect Vulnerabilities
This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.
Detecting Attacks Across Email, SaaS, and Network Environments with Darktrace’s ActiveAI Security Platform
This blog explores how Darktrace’s combined AI approach enabled it to identify and connect an attack that took place over three critical areas of a customer’s digital environment, namely email, SaaS and network.
A Thorn in Attackers’ Sides: How Darktrace Uncovered a CACTUS Ransomware Infection
This blog examines CACTUS, a relatively new strain of ransomware that first appeared in the threat landscape in March 2023. In November 2023, Darktrace detected CACTUS ransomware on a US customer network and was able to provide full visibility over the attack and its kill chain.
Sliver C2: How Darktrace Provided a Sliver of Hope in the Face of an Emerging C2 Framework
This blog discusses Sliver, a legitimate C2 framework that has recently been utilized by malicious actors as an alternative to Cobalt Strike. Darktrace was able to detect multiple cases of attackers using Sliver C2 in 2023 and 2024.
Balada Injector: Darktrace’s Investigation into the Malware Exploiting WordPress Vulnerabilities
This blog explores Darktrace’s detection of Balada Injector, a malware known to exploit vulnerabilities in WordPress to gain unauthorized access to networks. Darktrace was able to define numerous use-cases within customer environments which followed previously identified patterns of activity spikes across multiple weeks.
Darktrace Threat Research Investigates Raspberry Robin Worm
The Darktrace Threat Research team investigates Raspberry Robin, an evasive worm in USB drives. Learn how to protect yourself from this malicious variant.
What are Botnets and How Darktrace Uncovers Them
Learn how Darktrace detected and implemented defense protocols against Socks5Systemz botnet before any threat to intelligence had been published.
Pikabot: Battling a Fast-Moving Loader Malware
Discover how Darktrace tackled the Pikabot loader malware in 2023, the new tactics used, and how traditional security measures were bypassed.
Simulated vs. Real Malware: What You Need To Know
Learn how Darktrace distinguishes between simulated and real malware. Discover the advanced detection techniques used to protect your network.
Get The Drop On Phishing Attacks Abusing Dropbox
Discover how phishing attacks are exploiting Dropbox. Learn how to protect yourself from these threats with Darktrace’s latest analysis.
Protecting Against AlphV BlackCat Ransomware
Learn how Darktrace AI is combating AlphV BlackCat ransomware, including the details of this ransomware and how to protect yourself from it.
When a Quasar Remote Access Tool Falls Into the Wrong Hands
Quasar Remote Access Tools are versatile open source administration tools, but the wrong hands can use them for malicious purposes. Darktrace explains why.
Next