Storm-0249 Abuses EDR Processes in Stealthy Attacks
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
Endpoint security protects laptops, phones, servers, and other connected devices from malware, unauthorized access, and breaches.
Search across headline titles and summaries.
Background for this topic.
Endpoint security protects laptops, desktops, servers, mobile devices, and other systems that connect to an organization’s networks or services. It combines secure configuration, timely patching, encryption, access controls, application restrictions, and monitoring. Endpoint detection and response (EDR) tools record activity such as process execution, persistence, and configuration changes so analysts can investigate suspicious behavior.
Endpoints are common entry points for exploiting vulnerable software, stealing credentials, or installing unauthorized code. Effective programs maintain an accurate device and software inventory, prioritize vulnerabilities that are exposed or actively exploited, and apply least privilege to limit what a compromised device or account can do. They also need tested procedures to contain or isolate devices, investigate them without unnecessarily destroying evidence, and govern endpoint telemetry and administrator access to protect privacy and support applicable data-handling obligations.
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. [...]
Poor IT hygiene, such as unused accounts, outdated software, and risky extensions, creates hidden exposure in your infrastructure. Wazuh, the open-source XDR and SIEM, shows how continuous inventory monitoring across endpoints helps teams spot drift and tighten security. [...]
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. [...]
Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. [...]