Multiple communication channels, phases, and tools were used to establish interactive, hands-on-keyboard control. Each phase was designed to minimize the chance of detection, with techniques that defeat IDS tool signatures, EDR, manual threat hunting, and even common approaches to ML-based detection.
The DGA used in this attack was different: a single, unique subdomain was generated for each victim, composed of a globally unique ID calculated from local attributes and an encoding of the victim hostname.
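A per-victim DGA of this kind leaves a different footprint from a per-day DGA: many long, encoded labels under one parent zone, each queried by exactly one internal host. The following heuristic, written as an added example for this page (not Vectra's detection logic), scores constructed DNS log entries on that property; the label-length and entropy thresholds and the (client, name) log shape are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log as (client, queried_name). The three long
# labels under updates.example.test are each seen from a single client only,
# mimicking a per-victim subdomain; the rest is ordinary shared traffic.
SAMPLE_QUERIES = [
    ("ws01", "7k2m9qzp3h4f5g6j1a2b.updates.example.test"),
    ("ws02", "x9y8z7w6v5u4t3s2r1q0.updates.example.test"),
    ("ws03", "b3n4m5k6l7j8h9g0f1d2.updates.example.test"),
    ("ws01", "www.example.test"),
    ("ws02", "www.example.test"),
    ("ws03", "cdn.example.test"),
    ("ws01", "api.vendor.test"),
    ("ws02", "api.vendor.test"),
]

def shannon_entropy(s: str) -> float:
    """Bits per character; encoded IDs score well above dictionary words."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(fqdn: str):
    """Return (leftmost label, parent zone), e.g. ('abc', 'updates.example.test')."""
    label, _, parent = fqdn.lower().rstrip(".").partition(".")
    return label, parent

def find_per_victim_dga(queries, min_label_len=16, min_entropy=3.0, min_subdomains=3):
    """Flag parent zones whose long, high-entropy child labels are each queried
    by exactly one client; returns {parent_zone: number_of_such_labels}."""
    clients_by_name = defaultdict(set)   # (parent, label) -> clients that asked
    for client, name in queries:
        label, parent = split_name(name)
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            clients_by_name[(parent, label)].add(client)
    per_parent = defaultdict(int)
    for (parent, _label), clients in clients_by_name.items():
        if len(clients) == 1:            # unique to one host, as described above
            per_parent[parent] += 1
    return {p: n for p, n in per_parent.items() if n >= min_subdomains}

if __name__ == "__main__":
    print(find_per_victim_dga(SAMPLE_QUERIES))   # {'updates.example.test': 3}
```

Thresholds need tuning per environment: CDNs and telemetry services also emit long unique labels, so the parent-zone counts are a hunting lead to enrich with zone age and reputation, not a verdict on their own.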
Vectra’s AI will see through the evasion tactics applied and detect the tunnels as soon as they go active.
Vectra uniquely protects the entire network of hybrid, on-premise, and cloud connectivity with learning behavioral models that understand both hosts and identities—tracking and stopping attackers earlier in the kill chain.