In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

The Warlock ransomware group (also tracked as Water Manaul) has significantly enhanced its post-exploitation capabilities in recent attacks. While continuing to exploit unpatched Microsoft SharePoint servers for initial access, the group now employs a new BYOVD technique targeting the NSecKrnl.sys driver to disable security products at the kernel level, deploys TightVNC for persistent remote access, and uses the Yuze reverse proxy tool to blend malicious traffic with legitimate network activity. Trend Micro researchers observed a January attack where the group spent 15 days inside a victim network before deploying ransomware. Defenders are advised to patch SharePoint vulnerabilities immediately, enforce MFA, monitor for anomalous driver activity, and watch for abuse of legitimate admin tools.

Warlock Ransomware Group Augments Post-Exploitation Activities

Warlock's Post-Exploitation Activity Enhancements