Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware.

A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar 

A sea change in available data fuels fresh insights from the first half of 2024

Results from the latest ATT&CK Evaluations for endpoint detection and response solutions.

Sophos is the only vendor named a Customers’ Choice across Endpoint Protection Platforms, Network Firewalls, and Managed Detection and Response

Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. The […]

Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was used as part of a threat activity cluster we named STAC 5881. Attacks leveraged compromised […]

The Internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization.

Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices

On beyond “Detect and Respond” and “Secure by Design”