Darktrace announces its Leader position in the inaugural Gartner® Magic Quadrant™ for Network Detection and Response (NDR).

Darktrace investigated “PumaBot,” a Go-based Linux botnet targeting IoT devices. It avoids internet-wide scanning, instead using a C2 server to get targets and brute-force SSH credentials. Once inside, it executes remote commands and ensures persistence.

To quickly identify and respond to threats before damage occurs, this local government relies on Darktrace to improve network visibility, stop insider threats, protect its email systems, and accelerate incident investigations.

Darktrace's AI-driven tools identified and disrupted AsyncRAT activity, detecting suspicious connections and blocking them autonomously. This proactive response prevented the compromise from escalating and safeguarded sensitive data from exfiltration.

This blog outlines Darktrace's model-based anomaly detection and how security teams can leverage custom models for targeted threat hunts. Recently, Darktrace's Threat Research team applied this method in their report, "AI & Cybersecurity: The State of Cyber in UK and US Energy Sectors."

In early 2025, Darktrace uncovered SocGholish-to-RansomHub intrusion chains, including loader and C2 activity, alongside credential harvesting via WebDAV and SCF abuse. Learn more about SocGholish and its kill chain here!

Protecting against supply chain cyber-attacks means safeguarding not just your network, but your customers’ trust. Learn why securing vendor relationships is essential in today’s threat landscape.

Discover why Darktrace is a launch partner for the Public Preview of Microsoft Azure Virtual Network Terminal Access Point (TAP).

Learn why EDR alone is not enough and how NDR uncovers and stops threats that disable or bypass endpoint security.

Docker is a prime target for malware, with new strains emerging daily. This blog explores a novel campaign showcasing advanced obfuscation and cryptojacking techniques.

Learn how NDR and SASE solutions complement and interact with each other to create a robust network security strategy.

In late 2024, Darktrace detected unusual activity linked to Cyberhaven's Chrome browser extension. Read more about Darktrace’s investigation here.

In 2024, Darktrace identified a cluster of intrusions involving the state-linked malware, ShadowPad. This blog will detail ShadowPad and the associated activities detected by Darktrace.

Explore Darktrace's Annual Threat Report 2024 for insights on the latest cyber threats and trends observed throughout the year.

Discover how Darktrace detected and responded to cyberattacks using Living-off-the-Land (LOTL) tactics to exploit trusted services and tools on customer networks.

Discover how RansomHub is rising in the ransomware landscape, using tools like Atera and Splashtop, reconnaissance tactics, and double extortion techniques.

Reimagining your SOC Part 3/3: This blog explores the challenges security professionals face in managing cyber risk, evaluates current market solutions, and outlines strategies for building a proactive security posture.

Reimagining your SOC Part 1/3: This blog shows how security teams can move to autonomous detection and investigation of novel threats, reducing alert fatigue, and enabling tailored, real-time threat response.

Between September and October 2024, Darktrace investigated several customer networks compromised by RansomHub attacks. Further analysis revealed a connection to the ShadowSyndicate threat group. Read on to discover how these entities are linked and the tactics, techniques, and procedures employed in these attacks.

File transfer applications are prime targets for ransomware groups due to their critical role in business operations. Recent vulnerabilities in Cleo's MFT software, namely CVE-2024-50623 and CVE-2024-55956, highlight ongoing risks. Read more about the Darktrace Threat Research team’s investigation into these vulnerabilities.