New: Threat Exposure Validation Impact Report 2025
Learn More
Meet the team at Gartner Security & Risk Management Summit
Book a Meeting
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Meet the team at Infosecurity Europe 2025
Book a Meeting

COBALT MIRAGE APT Group Leverages Drokbk Malware

December 18, 2022

An intrusion carried out by the COBALT MIRAGE threat group leveraged the multi-functional Drokbk malware for persistence and to execute additional commands received from the command-and-control server. The actor took advantage of two Log4j vulnerabilities in a VMware Horizon server for initial access. To determine its C2 server, the malware used the dead drop resolver technique and legitimate Internet services.