


The campaign, attributed to the notorious Winnti group, involves the use of novel and stealthy malware, such as digitally signed kernel-level rootkits and a complex multi-stage infection chain. Cybereason's researchers have uncovered the Winnti group's tactics and techniques, which include exploiting legitimate software, abusing code signing certificates, and evading detection by antivirus and network security tools.
The goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes. The researchers also discovered a new malware strain called DEPLOYLOG used by the Winnti APT group and highlighted new versions of known Winnti malware, including Spyder Loader, PRIVATELOG, and WINNKIT3.
Cybereason's findings come after the company achieved an exceptional performance score in the MITRE ATT&CK evaluation, a rigorous and independent assessment of endpoint security solutions. The evaluation measured Cybereason's ability to detect and respond to real-world attack scenarios based on the MITRE ATT&CK framework, a globally recognised knowledge base of adversary behaviours.
This year, Cybereason set a new benchmark with perfect results in nearly every aspect of the evaluations, including:
The company demonstrated its MalOp detection and response capabilities, which provide a holistic and contextual view of malicious operations across the entire attack lifecycle.
Exceptional performance in the MITRE ATT&CK evaluation also contributed to Cybereason's recognition as a leader in the Gartner Magic Quadrant for Endpoint Protection Platforms, a prestigious report that evaluates vendors based on their vision and ability to execute.
Cybereason was positioned highest for its ability to execute and furthest for its completeness of vision in the Leaders quadrant, reflecting its innovation and customer satisfaction.