Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

6 days ago [email protected] (The Hacker News)
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools


Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro.
Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named “msimg32.dll,”

The post “Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , , ,

More Stories

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

3 hours ago [email protected] (The Hacker News)

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

3 days ago [email protected] (The Hacker News)

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

4 days ago [email protected] (The Hacker News)

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

4 days ago [email protected] (The Hacker News)

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

4 days ago [email protected] (The Hacker News)

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

5 days ago [email protected] (The Hacker News)