Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > Attackers Use AI to Automate EDR Evasion Testing

Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.

Sophos X-Ops analysts published research this week concerning an unidentified threat actor using AI technology to develop endpoint detection and response (EDR) evasion tactics through the lens of what the company described as a "red team" post-exploitation framework. 

"The activity was detected when an anomalous endpoint registered within a customer tenant triggered alerts for payloads originating from C:\Users\User\Documents\test," Sophos said in its blog post. "Multiple files in this directory were malicious and indicative of a broader attack framework focused on evading detection." More here

Similar Stories

A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data. More...

Microsoft signed a malicious kernel driver, and now it's being used to kill security software in ransomware attacks. More...

Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? More...

An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and enc… More...

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks… More...

Have your say

 

News Categories

A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data. More...

Microsoft signed a malicious kernel driver, and now it's being used to kill security software in ransomware attacks. More...

Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? More...

An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and enc… More...

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks… More...

image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Follow Us

This website is powered by
ToucanTech