New Case Study: Credit Union Boosts Secops With Continuous Testing
Learn More
New Research: Broken Attestation in Windows Admin Center
Learn More
Whitepaper: An Inside Look at the Technology Behind Cymulate
Learn More
New Integration Partnership with WIZ!
Learn More
Book a Demo
Book a Demo

COBALT MIRAGE APT Group Leverages Drokbk Malware

December 18, 2022

An intrusion carried out by the COBALT MIRAGE threat group leveraged the multi-functional Drokbk malware for persistence and to execute additional commands received from the command-and-control server. The actor took advantage of two Log4j vulnerabilities in a VMware Horizon server for initial access. To determine its C2 server, the malware used the dead drop resolver technique and legitimate Internet services.

Featured Resources

View More Resources
image
blog

Validating Cloud Threat Detection with Wiz Defend and Cymulate

Cymulate-Wiz integration enables proven cloud threat detection by simulating real attacks and verifying Wiz Defend.

Read More
image
blog

Kerberos Authentication Relay Via CNAME Abuse 

A breakdown of Kerberos authentication relay using CNAME abuse and mitigation considerations.

Read More
image
blog

CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center 

A subtle Azure SSO token validation flaw allowed attackers to escalate privileges and move laterally across WAC-managed systems.

Read More