EDR killer tool uses signed kernel driver from forensic software

Attackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that recognizes 59 security products and attempts to disable them.

BleepingComputer
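A quick host-side check for the scenario in the headline above, added here as an example and not taken from the BleepingComputer article or from any of the vendors mentioned: the script inventories running kernel drivers, records their Authenticode status, signer and SHA-256, and flags anything whose signature is not valid, whose signing certificate has expired without a timestamp countersignature, or whose hash appears on an operator-supplied blocklist. The `$KnownBadDriverHashes` list is a placeholder you fill from your own intelligence (the entry in it matches nothing). The registry value it reads at the end is the documented toggle for Microsoft's vulnerable driver blocklist; confirm it against current Microsoft documentation for your Windows build. Run it from an elevated PowerShell session.

```powershell
# Added example, not code from the article or from any EDR vendor.
# ASSUMPTION: $KnownBadDriverHashes is populated by the operator; the value below is a dummy.
$KnownBadDriverHashes = @(
    '0000000000000000000000000000000000000000000000000000000000000000'
)

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes: \??\C:\..., \SystemRoot\...,
    # system32\drivers\foo.sys, or a quoted absolute path. Normalize to a real file path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"
    if (Test-Path -LiteralPath $p) { return (Resolve-Path -LiteralPath $p).Path }
    return $null
}

function Get-SuspiciousDrivers {
    $now = Get-Date
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path) { return }
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $reasons = @()

            if ($sig.Status -ne 'Valid') {
                $reasons += "signature status $($sig.Status)"
            }
            # An expired signer is normal for old but timestamped drivers; only an expired
            # certificate with NO timestamp countersignature is worth a look.
            if ($sig.SignerCertificate -and
                $sig.SignerCertificate.NotAfter -lt $now -and
                -not $sig.TimeStamperCertificate) {
                $reasons += "signer cert expired $($sig.SignerCertificate.NotAfter.ToString('u')) and no timestamp"
            }
            # Caveat that matters for the EnCase case: the kernel still loads a driver whose
            # certificate was revoked after a valid timestamp, and WinVerifyTrust may still
            # report it as Valid. Only a hash or publisher blocklist catches that class.
            if ($KnownBadDriverHashes -contains $hash) {
                $reasons += 'hash on blocklist'
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Service = $_.Name
                    Path    = $path
                    Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                    Sha256  = $hash
                    Reasons = $reasons -join '; '
                }
            }
        }
}

function Test-VulnerableDriverBlocklistEnabled {
    # Documented registry toggle for the Microsoft vulnerable driver blocklist
    # (HVCI-enabled hosts enforce it regardless of this value).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $v = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    return ($v -eq 1)
}

# Usage
Get-SuspiciousDrivers | Format-Table -AutoSize
"Vulnerable driver blocklist enabled: $(Test-VulnerableDriverBlocklistEnabled)"
```

The signature checks are there for the easy cases (unsigned or tampered drivers); the hash list and the blocklist toggle are what actually address a driver that was validly signed and timestamped before its certificate was revoked, which is the abuse the headline describes.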

🚨 EDR Killer Tools are targeting German enterprises!

From healthcare to energy, attackers are bypassing defenses with tools like Aukill & KernelMode. Is your business prepared? 💻🔒

#Cybersecurity #InfoSec #NetworkSecurity #DataProtection #EDR #EDRKiller

With these new developments, what was formerly just an #EDRkiller tool is now a mechanism for #EDR impairment and subversion of the operating system itself. Sophos will continue to monitor developments in this threat actor's arsenal.

https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/

Attack tool update impairs Windows computers

An EDR killer Sophos X-Ops has tracked for three years continues to bedevil organizations targeted by ransomware gangs.

Sophos News