The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics
The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics By Aswath A · January 6, 2026 CrazyHunter ransomware has emerged as a significant and concerning threat, highlighting the increasing sophistication of cybercriminal tactics. Trellix has been actively tracking this ransomware since...
The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection
The Silent Threat in Active Directory: How AS-REP Roasting Steals Passwords Without a Trace and Trellix NDR’s Rapid Detection By Maulik Maheta · October 15, 2025 Executive summary: Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory (AD) accounts with Kerberos...
XWorm’s Evolving Infection Chain: From Predictable to Deceptive
XWorm’s Evolving Infection Chain: From Predictable to Deceptive By Prashanth A N and Satish Chimakurthi · September 3, 2025 A sophisticated and evolving prevalent XWorm backdoor campaign has recently been identified by the Trellix Advanced Research Center, marking a significant strategic shift in...
Inside LockBit's Admin Panel Leak
Inside the LockBit's Admin Panel Leak: Affiliates, Victims and Millions in Crypto By Jambul Tologonov · June 12, 2025 Introduction: On May 7, 2025, the LockBit admin panel was hacked by an anonymous actor who replaced their TOR website with the text ‘Don’t do crime CRIME IS BAD xoxo from Prague’...
Iran Cyber Threat Update
ARCHIVED STORY Iran Cyber Threat Update By Trellix · January 08, 2020 Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on a heightened state of alert to monitor the evolving threats and rapidly implement...
80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals
ARCHIVED STORY 80 to 0 in Under 5 Seconds: Falsifying a Medical Patient's Vitals By Douglas McKee · August 11, 2018 The author thanks Shaun Nordeck, MD, for his assistance with this report. With the explosion of growth in technology and its influence on our lives, we have become increasingly...
GandCrab Ransomware Puts Pinch On Victims
ARCHIVED STORY GandCrab Ransomware Puts the Pinch on Victims By Alexandre Mundo · July 31, 2018 Update: On August 9 we added our analysis of Versions 4.2.1 and 4.3. The GandCrab ransomware first appeared in January and has been updated rapidly during its short life. It is the leading ransomware...
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah. Executive summary: In part 1 of this series we discussed in depth the known lateral movement attacks like abusing weak service...