Blog Entries

25. 01. 2024 Massimo Giaimo SOCnews

SOC News | Jan 01 – Kasseika Ransomware Uses BYOVD in His TTP

Kasseika Threat Actor has joined the club of Threat Actors that currently use Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus/EDR software before carrying out malicious activities, such as encrypting files. Kasseika abuses the Martini driver, part of the TG Soft’s VirIT Agent System. By using BYOVD attacks, the malware gains privileges it…

Read More

Archive