An intrusion carried out by the COBALT MIRAGE threat group leveraged the multi-functional Drokbk malware for persistence and to execute additional commands received from the command-and-control (C2) server.
The actor took advantage of two Log4j vulnerabilities in a VMware Horizon server for initial access.
To determine its C2 server, the malware used the dead drop resolver technique and legitimate Internet services.
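From a detection standpoint, the dead drop resolver technique leaves a recognizable network trace: an internal host repeatedly fetches the same resource on a legitimate Internet service at a regular cadence, because the malware has to re-read the page to learn its current C2 address. The script below is an added example written for this page, not code from the original article or from the Secureworks analysis of Drokbk. It parses constructed web-proxy log lines, groups requests by source host and URL, and flags low-jitter periodic polling of a watchlist of services. The log format, the host names, the `.example` service domains, and the thresholds are all assumptions chosen for illustration.

```python
"""Flag periodic polling of legitimate services that may indicate a dead drop resolver.

Added example for illustration; log layout "<ISO timestamp> <src_host> <method> <url>"
and the service watchlist are assumptions, and every log line is constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Hypothetical legitimate services that an organization wants to watch for
# dead-drop-style polling (placeholder domains, not real services).
WATCHED_SERVICES = {"legit-pastesite.example", "legit-codehost.example"}

# Constructed proxy log: one server host polls the same resource every ~30 minutes,
# one workstation reads a page twice irregularly, one host polls a non-watched domain.
SAMPLE_LOG = """\
2023-01-10T08:00:00Z horizon-01 GET https://legit-pastesite.example/raw/note-4711
2023-01-10T08:30:02Z horizon-01 GET https://legit-pastesite.example/raw/note-4711
2023-01-10T09:00:01Z horizon-01 GET https://legit-pastesite.example/raw/note-4711
2023-01-10T09:29:58Z horizon-01 GET https://legit-pastesite.example/raw/note-4711
2023-01-10T08:05:13Z ws-042 GET https://legit-pastesite.example/raw/note-9001
2023-01-10T11:47:40Z ws-042 GET https://legit-pastesite.example/raw/note-9001
2023-01-10T07:00:00Z ws-007 GET https://update.example/check
2023-01-10T08:00:00Z ws-007 GET https://update.example/check
2023-01-10T09:00:00Z ws-007 GET https://update.example/check
2023-01-10T10:00:00Z ws-007 GET https://update.example/check
"""


def parse_log(text):
    """Return (timestamp, src_host, url) tuples from the constructed log format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, _method, url = line.split()[:4]
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, url))
    return records


def find_periodic_polling(records, min_requests=4, max_jitter=0.1):
    """Group requests by (host, url) on watched services and flag regular cadences.

    Jitter is the coefficient of variation of the inter-request gaps; a value near
    zero means the requests arrive on a fixed timer rather than from a human.
    """
    by_key = defaultdict(list)
    for ts, host, url in records:
        if urlparse(url).hostname in WATCHED_SERVICES:
            by_key[(host, url)].append(ts)

    findings = []
    for (host, url), times in by_key.items():
        if len(times) < min_requests:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({
                "host": host,
                "url": url,
                "requests": len(times),
                "interval_s": round(avg),
                "jitter": round(jitter, 3),
            })
    return findings


def scan_sample_log():
    """Run the detector over the constructed log and return its findings."""
    return find_periodic_polling(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in scan_sample_log():
        print(f"[ALERT] {finding['host']} polls {finding['url']} "
              f"{finding['requests']}x every ~{finding['interval_s']}s "
              f"(jitter {finding['jitter']})")
```

The watchlist filter keeps ordinary scheduled traffic (the `update.example` host) out of the results, and the minimum-request threshold avoids alerting on a workstation that simply reads a page twice. In practice the next step is to correlate the flagged host with process-level telemetry, since a server such as a VMware Horizon instance has little reason to poll a paste or code-hosting service on a timer.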