Inside the SOC

Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.

Darktrace AI detects and responds to Emotet outbound malspam campaign

Zoe Tilsiter
Thursday April 28, 2022
This blog explores the resurgence of Emotet malware through a recent outbound malspam campaign against a wholesale trade organization, and explains how Autonomous Response interrupted the attack.

Business email compromise to mass phishing campaign: Attack analysis

Shuh Chin Goh and Sam Lister
Thursday April 21, 2022
This blog details the impact of a distributed phishing campaign against a financial services company, and highlights some of Darktrace’s analytical tools which can help security teams investigate similar threats.

Darktrace vs Cobalt Strike: How Antigena intercepted and delayed a Cobalt Strike intrusion

Dylan Evans
Wednesday April 6, 2022
An attacker exploited vulnerabilities in Log4j to install Bughatch, Cobalt Strike Beacon, and NetSupport onto an Internet-facing VMware Exchange server within the network of a Darktrace customer. By inhibiting the attacker’s subsequent attempts to communicate with the compromised server, Antigena Network likely prevented ransomware from being deployed.

Walking through the front door: Compromises of Internet-facing systems

Sam Lister
Tuesday April 5, 2022
In 2021 Internet-facing systems were some of the most heavily targeted for compromise. This blog explores four of the top zero-day vulnerabilities from the year and highlights how Darktrace was able to detect them.

Exploring a crypto-mining campaign which used the Log4j vulnerability

Hanah Darley, Steve Robinson and Ross Ellis
Monday April 4, 2022
This blog analyzes a campaign-like pattern detected by Darktrace across multiple customers and industries in which the Log4j vulnerability was exploited to compromise systems for crypto-mining, highlighting the multi-stage attack from initial C2 contact through payload retrieval to successful crypto-miner installation.