Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Carlos Gray
Senior Product Marketing Manager, Email
Share
21
Nov 2022
During an initial demo with a water management company, Darktrace found an industrial control system exposed to the internet. Immediately, the organization went into incident response mode because this system was mission critical and could potentially impact the water facilities, as it had the power to adjust water flow.
This asset was exposed because of a simple misconfiguration, highlighting to the customer the need for proactive monitoring of its attack surface. In this case, the engineer who set up the system had simply not noticed the mistake, but these scenarios could be more dangerous and more likely if insider threat is involved.
The growing threat of misconfigurations in cybersecurity
Misconfigurations arise when vital security settings are either not applied or applied incorrectly. Such misconfigurations produce vulnerable security openings that can be exploited by attackers to either gain a foothold in the asset or generate a more dangerous attack, like altering water flow or deploying ransomware. There is a wide variety of assets that are subject to potential misconfigurations, including web or application servers, cloud containers, custom code, network devices like desktops or servers, and entire databases.
Unfortunately, the pervasiveness of misconfigurations is only increasing. In the past 12 months, there has been a 310% increase in hackers reporting misconfiguration vulnerabilities to the HackerOne platform.
Unique risks for industrial control systems and critical infrastructure
Every digital environment has its own characteristics that alter the prevalence or the impact of misconfigurations. For example, industrial devices that support critical infrastructure are all the more sensitive to these types of changes, as these devices often have limited integrated security, despite their highly delicate functions. Because with every vendor and device has its own recommended configuration, security teams must take additional precautions.
In cloud environments, the ease of deployment and increased capabilities also tend to produce more misconfigurations. Digital footprints are growing at such a pace that security departments may opt to skip onboarding processes of technologies to avoid becoming an obstacle for the business. It has become so easy for any department, regardless of their technical knowledge, to add cloud applications, software, or even hardware to the company's architecture. This is why shadow IT is so troublesome: it's impossible for the security team to ensure something is well configured if they don’t even know it exists.
In addition, due to rapid growth, security and IT teams aren’t experts in every technology included within the enterprise architecture. So, the teams may do their best to apply security controls while being unaware the current configuration is a misconfiguration. With digital assets’ constant evolution, they may even be configured correctly at one point but become misconfigured in the future if not updated.
Mitigating Misconfiguration
It’s human nature that we make mistakes, and the more assets and third parties that are introduced, the more mistakes are possible. However, there are certain steps organizations can take towards reducing the frequency and the impact of misconfigurations.
Any organization needs to have discovery processes to maintain an updated inventory of their assets, and should categorize these assets based on their exposure as well as their criticality to the business. This information should feed into the organization’s risk analysis, which in turn informs the priority of mitigation actions or controls. This process, when done manually, can be long and arduous, and is not continuous: as organizations’ digital footprints are evolving so rapidly, these analyses can become obsolete quickly.
On the other hand, organizations must also monitor the activity of these assets and not just assess them at face value. As with anything in security, security teams need to be weary of the symptoms. Inappropriate configurations will often generate alerts such as slow performance, multiple suspicious login attempts, bloatware, unexpected application behavior such as redirects or shutdowns.
With ASM, security teams gain visibility of the entire external attack surface, including elusive assets like shadow IT and legacy devices. It frequently uncovers misconfigurations and recommends how to mitigate the risks caused by them. Some examples include email spoofing, no SPF records, no DKIM records, no DMARC records, subdomain takeover possible, and missing routes for netblocks.
The truly unique aspect of a Self-Learning technology is that security teams receive notifications tailored to the precise assets within their architectures. In other words, the tool will only provide the misconfiguration recommendations for the specific assets that require it, instead of having to reverse engineer state-of-the-art security and then trying to see where it can apply within the organization. With Darktrace, security teams are already getting that information directly. In fact, it doesn’t stop there, misconfigurations are prirotized by the risk inherited. The security team only has to check the list of misconfigurations in order of priority and take action on them.
Exposure management & attack paths
From an internal perspective, Darktrace / Proactive Exposure Management will map those misconfigurations to potential attack paths, answering the question of what damage each misconfiguration can lead to and more importantly how: an attacker could go from that initial misconfiguration through each lateral movement, whether it is via a device or a user, and then reach the most critical devices within the infrastructure.
Often in security, the focus can drift to the latest tactics and techniques being used by large Advanced Persistent Threats, but a simple misconfiguration caused by a rushed or distracted employee can pose an equally large threat. An innocent mistake can often open an even larger weakness in the digital architecture, as the attacker doesn’t have to force to open the window to break in.
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
A stadium during a major sporting event is simultaneously a city, a broadcast hub, a transport node, a public safety space, and a national symbol. That makes them attractive not just to criminals, but to politically motivated and state‑aligned threat actors willing to plan years ahead. With the 2026 FIFA World Cup spanning three nations and dozens of host cities, those challenges – and the AI now amplifying them – have never carried higher stakes.
Healthcare’s OT Cybersecurity Gap: Why Hospitals Must Make the Same Security Investments as Regulated Critical Infrastructures
Healthcare organizations rely on OT and IoMT more than ever. Learn why OT cybersecurity expertise, visibility, and governance are critical to reducing operational risk and strengthening cyber resilience.
Data Center Security: Improving Visibility and Threat Detection Across IT, OT, and IoT
Modern data centers now operate as highly interconnected IT, OT, and IoT environments, creating new cybersecurity risks that traditional siloed security tools struggle to detect. This blog explores how IT/OT convergence expands the attack surface, why visibility gaps emerge, and how behavioral AI-driven security helps organizations detect and contain threats before operational disruption occurs.
From Click to Command: Behavioral Detection of AppleScript-Led MacOS Intrusions
Introduction
Darktrace’s Threat Research team is publishing this analysis to help defenders understand an active pattern of macOS tradecraft observed in multiple customer environments. This post summarizes the behaviors observed, how they were assessed, and what defenders can do now.
Across multiple environments, Darktrace observed a consistent MacOS intrusion pattern beginning with ClickFix-style user-assisted “update” execution and transitioning into AppleScript-driven post-compromise activity and sustained outbound signaling.
While individual indicators were low-confidence, the repeated convergence of weak behavioral signals — including HTTP POST beaconing, rare or IP-only destinations, SSL anomalies, and abnormal client characteristics — provided a defensible indication of command-and-control establishment Darktrace detection and response in these cases was driven by behavior over artifacts. In the highest-confidence instances, automated containment disrupted outbound signaling before sustained tasking could occur.
Background
ClickFix-style activity typically relies on user-assisted execution and plausible “update” pretexting, followed by post-execution use of native tools to keep the footprint light. In MacOS environments, AppleScript and other built-in scripting mechanisms enable flexible post-compromise workflows while minimizing stable file-based indicators.
Following execution, affected devices exhibited a consistent behavioral pattern. AppleScript or equivalent native scripting activity was observed initiating follow-on workflows, after which outbound communications began to establish a structured rhythm.
These communications were characterized by repeated HTTP POST requests to low-prevalence or IP-only endpoints, often combined with unusual SSL properties and client identifiers that diverged from baseline device behavior. Individually, these signals were weak. When correlated across time and devices, they formed a pattern consistent with control establishment rather than benign software activity.
In higher-confidence cases, Autonomous Response actions were able to reduce or halt outbound signaling, interrupting the attacker’s ability to maintain control.
Detection Timeline
In representative cases, the sequence unfolded as follows:
Stage 1 – Initial Execution
Initial activity began with suspicious or masqueraded execution on a MacOS endpoint, consistent with ClickFix-style user deception.
Stage 2 – Post-Execution Scripting
This was followed closely by native scripting activity, most commonly AppleScript, indicating the transition into post-execution workflow.
Stage 3 – Outbound Communications
Outbound communications then emerged, initially sporadic but quickly forming a consistent cadence of HTTP POST requests to rare external endpoints.
Stage 4 – Anomaly Convergence
As activity persisted, additional anomalies became visible — unusual SSL characteristics, abnormal user agents, and connections to infrastructure with no prior network prevalence.
Stage 5 – Autonomous Response
In the most mature stages of the activity, automated containment actions disrupted outbound communications on affected devices, limiting the attacker’s ability to continue tasking while investigations progressed.
Darktrace coverage and detections
The following use-case highlights systems likely affected by malicious macOS intrusion activity linked by Microsoft to the Democratic People’s Republic of Korea (DPRK) [1], with indications of suspicious behavior observed between March 1 and May 3, 2026. The activity overlaps with patterns described in recent reporting on DPRK-nexus MacOS intrusions [1], though attribution confidence in this case remains moderate and based on behavioral alignment rather than solely infrastructure linkage.
Analyst confidence emerged through the correlation of multiple weak signals across time and devices. This included model coverage for rare external communications, sustained beaconing patterns, repeated HTTP POSTs, and anomalous client characteristics. Where enabled, Autonomous Response actions disrupted the most active outbound paths to reduce the attacker’s ability to maintain control while Darktrace’s investigation continued.
Notably, this highly anomalous behavior included:
Outbound connections to the rare external endpoint, zoom[.]uswebob[.]us associated with IP address, 148.72.73[.]98 [2][3] over port 443
Outbound connections to the rare external endpoint, check02id[.]com associated with IP address, 83.136.210[.]180 [4] over port 7365
Outbound connections to the rare external endpoints, 104.145.210[.]107 [5] over port 8443 and 83.136.208[.]48 [6] over port 443
Outbound connections to the rare external endpoint, 83.136.208[.]246 [7] over port 6783 with observed URI `/api/daemon` and a PowerShell user agent
Darktrace’s detection initially highlighted a desktop device (running MacOS) engaging in anomalous behavior as early as March 12, 2026. Starting on March 12, the source device triggered a ‘Possible Doppelganger Attack’ alert including connectivity to the hostname "zoom[.]uswebob[.]us · 148.72.73[.]98" over port 443 (TCP, HTTPS, H2). This model highlights a device connecting to a location that is rare but masquerades as legitimate software, such as Zoom in this case, a commonly used technique to blend into expected traffic [2] [3].
Figure 1: Initial connectivity observed to the rare external hostname, zoom[.]uswebob[.]us · 148.72.73[.]98, over port 443.
This was followed roughly seven later by a connection to 104.145.210[.]107 over port 8443, during which approximately 250 KiB of data of inbound data and 30 MiB of outbound data was observed, triggering the ‘Unusual Activity / Unusual External Data to New Endpoint’ in Darktrace.
Quickly after this connection, Darktrace’s Autonomous Response intervened, blocking the device’s access to the unusual external location and halting the data exfiltration attempt.
Figure 2: Darktrace’s detection of unusual data exfiltration, shortly followed by an Autonomous Response action to block it.
The device continued to consistently trigger model alerts relating to unusual external connectivity, including 'Posting HTTP to IP Without Hostname', 'Anomalous Connection / Rare External SSL Self-Signed' alerts, until well after 3 PM that day.
Figure 3: Additional external connectivity to new IP without a hostname, including connectivity to 83.136.208[.]246, alongside an anomalous ‘curl/8.7.1’ user agent and ‘/api/daemon’ URI.
Figure 4: Continued external SSL connectivity to IP 83.136.208[.]48, including connectivity to 83.136.208[.]246, alongside an anomalous ‘curl/8.7.1’ user agent and ‘/api/daemon’ URI.
Figure 5: Continued external HTTP connectivity to hostname, check02id[.]com · 83.136.210[.]180, alongside an anomalous ‘Go-http-client/1,1’ user agent.
From March 13 to March 28, the device continued exhibit unusual connectivity to various endpoints (e.g., 83.136.208[.]48, 83.136.208[.]246, check02id[.]com · 83.136.210[.]180), with the 'Multiple HTTP POSTs to Rare Hostname' model consistently triggering.
Windows OS Case
Pivoting over to an additional device, this time running Windows OS, anomalous behavior was also observed between March 30 and April 20. Notably, on March 30, the device was observed making a large number of suspicious external connection attempts to 83.136.208[.]246 over port 6783, all of which failed.
A further indicator was observed on April 1 with PowerShell connectivity to the same rare endpoint (83.136.208[.]246, port 6783), using the URI '/api/daemon' and the user agent 'Mozilla/5.0 (Windows NT; Windows NT 10.0; fr-FR) WindowsPowerShell/5.1.26100.7920'. Additional alerts included 'New User Agent to IP Without Hostname' and 'Anomalous Github Download', alongside activity involving the same endpoint.
Figure 6 : ‘Anomalous Powershell to Rare External Destination’ and ‘Github Download’ model alerts. This behavior involved connectivity with the endpoints ‘83.136.208[.]246’ and ‘github[.]com’.
The device continued triggering 'Posting HTTP to IP Without Hostname' & 'PowerShell to External Rare' alerts between April 4 and April 20 across multiple related endpoints (i.e., 83.136.208[.]48, 83.136.208[.]246, check02id[.]com · 83.136.210[.]180).
Darktrace’s Autonomous Response capability was able to block suspicious PowerShell attempts to unusual external locations, as shown below in an example from April 20.
Figure 7: Autonomous Response intervening to block an unusual PowerShell connection to an external destination.
Cyber AI Analyst investigations
In higher-confidence instances, Darktrace’s Cyber AI Analyst investigations helped connect otherwise separate model alerts into a single incident narrative, highlighting the attacker’s progression from post-execution scripting into sustained outbound signaling. This contextual stitching is particularly valuable in macOS scenarios where static artefacts are limited, and behavioral sequencing defines the intrusion.
Cyber AI Analyst investigations highlighted alerts on March 12, including unusual repeated connections and possible SSL command-and-control (C2) to multiple endpoints:
Figure 8: Cyber AI Analyst investigation linking events into a unified incident.
Autonomous Response
In addition to the containment actions detailed earlier, Autonomous Response implemented multiple additional measures to contain suspicious activity throughout the course of this attack. Whenever unusual external connectivity was detected, Darktrace blocked it, closing down potential C2 channels. Likewise, when data exfiltration attempts were identified, these connections were stopped to prevent the potential loss of sensitive data.
Figure 9: Autonomous Response actions implemented by Darktrace in response to suspicious connectivity in mid-March.
Furthermore, in cases where a device was deemed to have carried out a significant number of anomalous activities, Darktrace enforced a “pattern of life” on the device, preventing it from deviating from its expected behavior while allowing legitimate business operations to continue uninterrupted.
Figure 10: Autonomous Response actions implemented by Darktrace in response to suspicious connectivity in April, including the “Enforce Pattern of Life” action.
Conclusion
macOS intrusion tradecraft continues to shift toward native tooling and lightweight control channels designed to evade signature-led controls.
The repeated convergence of rare destinations, POST-based signaling, and anomalous client behavior — observed across time and across devices — provided sufficient evidence to act early and with confidence.
As macOS tradecraft continues to evolve, the defender advantage increasingly lies not in signatures, but in the ability to reason from behavior.
Credit to Justin Torres (Senior Cyber Analyst), Nathaniel Jones (VP, Security & AI Strategy, FCISO)
Edited by Ryan Traill (Content Manager)
Appendices
Darktrace Model Alert Coverage:
/ NETWORK-based model alerts:
· Anomalous Connection::Multiple HTTP POSTs to Rare Hostname
A New Security Challenge: The Curious Case of Prompt Language Analysis
Why prompt analysis is emerging as a key AI security challenge
If securing AI has been one of the defining cybersecurity conversations of the past year, prompt analysis is quickly becoming one of its most interesting frontiers.
Security leaders are under pressure to understand how AI is being used across the business. In some organizations, that means governing employee use of chatbots. In others, it means overseeing copilots embedded into SaaS platforms, monitoring coding assistants, or assessing the growing footprint of autonomous agents. However different these use cases may appear on the surface, they share a common factor: humans and machines are usually interacting with enterprise systems through language.
How prompt language differs from traditional security telemetry
For years, defenders have become used to working with familiar forms of telemetry: email traffic, network connections, API calls, endpoint processes, authentication events. Prompt language is different. It is not simply another log source. It is an expression of intent, instruction, curiosity, urgency, and sometimes manipulation. It reflects the end-goal of a user or agent, but not always with enough surrounding context to interpret the risk correctly.
Why existing security approaches only partially explain prompt risk
A growing number of vendors are approaching the task of securing AI from the angle they know best. Perimeter vendors are extending web or browser controls into AI usage. Identity vendors are emphasizing agent permissions and access governance. Data security and DLP providers are focusing on content inspection and exfiltration risk. All of these perspectives matter, but individually can’t fully explain the problem.
The challenge with securing AI is not just that a new application category has emerged. It is that language has become a new operating layer in the enterprise.
Employees now use prompts to summarize documents, generate code, analyze spreadsheets, query internal knowledge, and trigger multi-step actions through agents. In each case, prompt language acts as the interface between human intent and machine execution. That makes prompts incredibly valuable from a security perspective as they can hint at misuse, policy violations, data exposure, or attempts to circumvent controls. However, they can also be deeply ambiguous when viewed in isolation. That ambiguity is the heart of the issue.
Prompts as behavioral signals, not just text to classify
A prompt by itself tells you what was asked. It does not necessarily tell you whether the request is expected, risky, accidental, or entirely legitimate in context. Two nearly identical prompts can carry very different meanings depending on the role and function of who issued them, what systems they can access, and what actions followed. In other words, prompts are not just text to classify. They are behavioral signals to interpret.
Example: How context changes prompt risk entirely
Consider a common enterprise scenario. An employee is pulled into a new project with an aggressive deadline. Almost overnight, their use of AI tools spikes. They begin prompting more frequently, working across unfamiliar documents, querying new data sources, and interacting with more systems than usual to accelerate delivery. Viewed narrowly, this may look suspicious. Prompt volume increases, file access patterns change, API and SaaS activity rise. From some vantage points, it may resemble insider risk or unmanaged AI usage.
But now add context. Imagine that, earlier that day, the employee received instructions from a senior leader asking them to support a time-sensitive initiative. Their communication history shows that this leader is a legitimate reporting-line superior. Their recent collaboration patterns align with the new project team. Their subsequent activity, while unusual for that individual’s baseline, is consistent with the business task they were assigned.
What initially looked like a risk event may actually be a normal response to business pressure. Without the surrounding context of communication, organizational relationships, and broader behavioral patterns, prompt activity alone could generate more noise than insight.
The reverse is also true. A prompt may appear benign on the surface while the context around it suggests elevated risk. A request that seems routine could originate from a compromised user, a newly connected external agent, a shadow AI workflow, or a user acting outside their normal role. The language itself may not contain anything obviously malicious, but the surrounding conditions may tell a very different story.
What security teams need to analyze prompts effectively
The future of prompt analysis is not just about understanding language. It is about understanding language in context.
To do that well, security teams need more than prompt inspection. They need to understand:
Who is issuing the prompt, whether human or agent
How that identity normally behaves across the enterprise
What systems, data, and workflows are connected to the interaction
Which relationships and communications explain the surrounding activity
Whether the downstream actions align with expected business behavior
When those layers are absent, prompt analysis can become another isolated control surface: useful in theory, but limited in practice. Security teams may detect unusual wording but miss the operational function behind it, overreact to benign changes in behavior, or miss subtle misuse because the prompt itself did not appear dangerous.
How organizations should think about prompt analysis going forward
Security teams have seen this pattern before. In the cloud, posture without runtime context left important gaps. In identity, access control without behavioral understanding missed misuse that looked legitimate on paper. In data security, content inspection without business context often created friction without resolving risk. AI is exposing the same lesson again: controls are strongest when they are coordinated, not isolated. As organizations work to secure AI and identify gaps across their security operations, prompt analysis will become an increasingly important source of insight, but only as part of a broader strategy.
Prompt analysis will undoubtedly become more common, as prompts are one of the clearest windows into how people and agents are using AI systems. However, what matters most is not simply collecting prompts or filtering dangerous phrases, but being able to place that language inside a wider behavioral and operational picture.
Organizations that already have a broader understanding of how work gets done across the enterprise will be better positioned to make sense of prompt language as this category matures. They will be better able to distinguish urgency from abuse, experimentation from exfiltration, and productive AI adoption from hidden risk.
Figure 1: Darktrace / SECURE AI reconstructs the full sequence of events, showing every user and agent interaction in context, with risky prompts highlighted and categorized, including PII, sensitive data, and other policy violations.
At Darktrace, this is the key lesson emerging from the market: prompt language does matter, but it does not stand alone. It is most valuable when treated as a new behavioral input that can enrich understanding across the enterprise, not as a self-contained source of truth.
Why prompts become less useful when analyzed in isolation
The curious case of prompt language analysis, then, is this: the more important prompts become, the less useful they are in a vacuum.
The real opportunity is not just to see what was asked. It is to understand why it was asked, what it meant in that moment, and what happened next.
For a deeper look at how organizations are approaching this challenge from the strengths of prompt analysis to its limitations in isolation see Prompt Security in Enterprise AI: Strengths, Weaknesses, and Common Approaches, which expands on the role prompt-level controls play within a broader, context-driven security strategy.
%201.avif)
![Initial connectivity observed to the rare external hostname, zoom[.]uswebob[.]us · 148.72.73[.]98, over port 443.](https://cdn.prod.website-files.com/626ff4d25aca2edf4325ff97/6a3c241a851b82605cdf62fb_Screenshot%202026-06-24%20at%2011.38.14%E2%80%AFAM.png)
