A new report published by SentinelOne last week revealed that the threat actors (TA) associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation have been abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.
We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.