Operation Crimson Palace: A Technical Deep Dive

Credit to Author: gallagherseanm| Date: Wed, 05 Jun 2024 10:00:46 +0000

Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) side-loading on one customer’s network. In a search for similar incidents in telemetry, MDR ultimately uncovered a complex, persistent cyberespionage campaign targeting a high-profile government […]

Read more