Last week, the Huntress SOC observed Nightmare-Eclipse tooling, including BlueHammer, RedSun, and UnDefend, during a real-world intrusion investigation. @Curity4201 breaks down the details. 🔍 Check out the full write-up: okt.to/uUzJOA

The @HuntressLabs SOC has discovered that KongTuke is now using malicious Chrome extensions to deliver their payloads with fake error pages. @Curity4201, @RussianPanda9xx, and I will be working on getting some more info out Soon™️

Step two of ransomware: maintaining access Once attackers are in, they don’t stop. They escalate privileges, dump creds, map the network, and burrow deeper. Huntress SOC Analyst Dani D. breaks down how they do it, and how defenders can spot the signs.

SOC Analysts at @HuntressLabs have observed an uptick in Fake Resume malware. Think twice before downloading a file named 'Michael.Jacobs[.]zip', it might be the candidate that infects you.🫢