COBALT MIRAGE APT Group Leverages Drokbk Malware
An intrusion carried out by the COBALT MIRAGE threat group leveraged the multi-functional Drokbk malware for persistence and to execute additional commands received from the command-and-control server.
The actor took advantage of two Log4j vulnerabilities in a VMware Horizon server for initial access.
To determine its C2 server, the malware used the dead drop resolver technique and legitimate Internet services.
Featured Resources
blog
SOC Automation: Optimize Your SOC Workflow
Security operations centers (SOCs) are the nerve centers of modern cybersecurity, where threats are identified, assessed, and neutralized around the
blog
Why Traditional Cyber Risk Management Falls Short and How Exposure Management Bridges the Gap
Turn cyber risk management from reactive defense into measurable resilience
blog
CISO Roadmap 2025: A Practical Guide to Building a Resilient, Validated Security Strategy
From first 90 days to long-term resilience, see how CISOs can lead with validation, automation, and measurable impact