In late 2024, Darktrace detected unusual activity linked to Cyberhaven's Chrome browser extension. Read more about Darktrace’s investigation here.

In 2024, Darktrace identified a cluster of intrusions involving the state-linked malware, ShadowPad. This blog will detail ShadowPad and the associated activities detected by Darktrace.

In January 2025, Ivanti disclosed two critical vulnerabilities affecting their products. Darktrace detected exploitation of these vulnerabilities as early as December 2024.

Lynx ransomware, emerging in 2024, targets finance, architecture, and manufacturing sectors with phishing and double extortion. Read on for Darktrace's findings.

Explore Darktrace's Annual Threat Report 2024 for insights on the latest cyber threats and trends observed throughout the year.

Discover how Darktrace detected and responded to cyberattacks using Living-off-the-Land (LOTL) tactics to exploit trusted services and tools on customer networks.

Discover how RansomHub is rising in the ransomware landscape, using tools like Atera and Splashtop, reconnaissance tactics, and double extortion techniques.

Reimagining your SOC Part 3/3: This blog explores the challenges security professionals face in managing cyber risk, evaluates current market solutions, and outlines strategies for building a proactive security posture.

Reimagining your SOC Part 1/3: This blog shows how security teams can move to autonomous detection and investigation of novel threats, reducing alert fatigue, and enabling tailored, real-time threat response.

Between September and October 2024, Darktrace investigated several customer networks compromised by RansomHub attacks. Further analysis revealed a connection to the ShadowSyndicate threat group. Read on to discover how these entities are linked and the tactics, techniques, and procedures employed in these attacks.

File transfer applications are prime targets for ransomware groups due to their critical role in business operations. Recent vulnerabilities in Cleo's MFT software, namely CVE-2024-50623 and CVE-2024-55956, highlight ongoing risks. Read more about the Darktrace Threat Research team’s investigation into these vulnerabilities.

This blog explores how Darktrace shut down a major third-party cyber-attack, preventing the deployment of ransomware. Read more to discover how the security team now spends 80-90% of their time working on more strategic projects vs. manual, low-level tasks.

Darktrace is recognized as a Leader in the IDC MarketScape. Read this blog to find out more about Darktrace's leadership in the market and our pioneering leadership in AI over the past decade, alongside a variety of other unique differentiators and innovations in the NDR industry.

Darktrace’s Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE 2024-0012 and 2024-9474). Learn about the spike in post-exploitation activities and understand the need for anomaly-based detection to stay ahead of evolving threats.

Darktrace just picked up the title of "Overall Leader" in KuppingerCole's 2024 Leadership Compass for Network Detection and Response (NDR). Why? Our Self-Learning AI and smart automation make tackling threats faster and easier, helping security teams stay ahead of the game.

Delve into the complexities of the Royal and Blacksuit ransomware strains and their implications for cybersecurity in today’s digital landscape.

This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances. This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.

Android-based malware like Triada is increasingly targeting banking and communication apps to steal sensitive data. Triada uses sophisticated methods to evade detection, exfiltrating data to C2 servers via algorithmically generated hostnames. This underscores the need for advanced security measures to protect against these evolving threats and safeguard user data.

When a remote user fell victim to a vishing attack, allowing a malicious actor to gain access to a customer network, Darktrace swiftly detected the intrusion and responded effectively. This prompt action prevented any data loss and reinforced trust in Darktrace’s robust security measures.

Read about the methods used to exploit FortiClient EMS and the critical post-exploitation tactics that affect cybersecurity defenses.