Since 2018, Blind Eagle has targeted Latin American organizations using phishing and RATs. Darktrace detected Blind Eagle activity on a customer network involving C2 connectivity, malicious payload downloads and data exfiltration. Without Autonomous Response, the attack escalated, highlighting the need for proactive detection and response defense to counter fast-evolving threats.

An industry leading petrochemical manufacturer uses the Darktrace ActiveAI Security Platform to improve visibility, protect against supply chain attacks, and save the security team hundreds of hours of incident investigation.

A critical SAP vulnerability, CVE-2025-31324, allows unauthenticated remote code execution via NetWeaver Visual Composer. Despite early mitigation guidance, many systems remain exposed. Darktrace detected exploitation attempts six days before public disclosure, highlighting the importance of proactive, threat-agnostic detection.

ClickFix is a social engineering technique that exploits human error through fake prompts, leading users to unknowingly run malicious commands. Learn how Darktrace detects and responds to such threats!

Darktrace announces its Leader position in the inaugural Gartner® Magic Quadrant™ for Network Detection and Response (NDR).

Darktrace investigated “PumaBot,” a Go-based Linux botnet targeting IoT devices. It avoids internet-wide scanning, instead using a C2 server to get targets and brute-force SSH credentials. Once inside, it executes remote commands and ensures persistence.

To quickly identify and respond to threats before damage occurs, this local government relies on Darktrace to improve network visibility, stop insider threats, protect its email systems, and accelerate incident investigations.

Darktrace's AI-driven tools identified and disrupted AsyncRAT activity, detecting suspicious connections and blocking them autonomously. This proactive response prevented the compromise from escalating and safeguarded sensitive data from exfiltration.

This blog outlines Darktrace's model-based anomaly detection and how security teams can leverage custom models for targeted threat hunts. Recently, Darktrace's Threat Research team applied this method in their report, "AI & Cybersecurity: The State of Cyber in UK and US Energy Sectors."

In early 2025, Darktrace uncovered SocGholish-to-RansomHub intrusion chains, including loader and C2 activity, alongside credential harvesting via WebDAV and SCF abuse. Learn more about SocGholish and its kill chain here!

Protecting against supply chain cyber-attacks means safeguarding not just your network, but your customers’ trust. Learn why securing vendor relationships is essential in today’s threat landscape.

Discover why Darktrace is a launch partner for the Public Preview of Microsoft Azure Virtual Network Terminal Access Point (TAP).

Learn why EDR alone is not enough and how NDR uncovers and stops threats that disable or bypass endpoint security.

Docker is a prime target for malware, with new strains emerging daily. This blog explores a novel campaign showcasing advanced obfuscation and cryptojacking techniques.

Learn how NDR and SASE solutions complement and interact with each other to create a robust network security strategy.

In late 2024, Darktrace detected unusual activity linked to Cyberhaven's Chrome browser extension. Read more about Darktrace’s investigation here.

In 2024, Darktrace identified a cluster of intrusions involving the state-linked malware, ShadowPad. This blog will detail ShadowPad and the associated activities detected by Darktrace.

Explore Darktrace's Annual Threat Report 2024 for insights on the latest cyber threats and trends observed throughout the year.

Discover how Darktrace detected and responded to cyberattacks using Living-off-the-Land (LOTL) tactics to exploit trusted services and tools on customer networks.

Discover how RansomHub is rising in the ransomware landscape, using tools like Atera and Splashtop, reconnaissance tactics, and double extortion techniques.