Alex Delamotte, Author at SentinelOne

Threat Actors Actively Exploiting Progress WS FTP Via Multiple Attack Chains 1

Dark Angels | ESXi Ransomware Borrows Code & Victimology From RagnarLocker

Alex Delamotte & Jim Walter / October 12, 2023

Learn how the Dark Angels ransomware targeting Johnson Controls' ESXi servers shares significant overlap with the notorious RagnarLocker.

labs

Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains

Alex Delamotte & Christian Vrescak / October 9, 2023

Vulnerable instances of Progess WS_FTP are being targeted by opportunistic attackers leveraging LOLBins to deliver Metasploit and remote access payloads.

CapraTube Transparent Tribes CapraRAT Mimics YouTube To Hijack Android Phones 3

labs

Advanced Persistent Threat

CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones

Alex Delamotte / September 18, 2023

Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.

Cloudy With A Chance Of Credentials AWS Targeting Cred Stealer Expands To Azure GCP 9

labs

Crimeware

Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP

Alex Delamotte / July 13, 2023

Cloud credentials stealing campaign expands to target Azure and Google Cloud via unpatched web app vulnerabilities.

labs

Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army

Alex Delamotte & Jim Walter / June 29, 2023

Read this technical breakdown of Rhysida ransomware and learn about its recent attacks on government institutions. Hunting rules and indicators included.