Qilin Ransomware

Overview

Qilin (also tracked as Agenda / Gold Feather / Water Galura) has evolved its operational playbook into a hybrid attack model that combines a Linux-compiled ransomware payload executed on Windows hosts with a “Bring Your Own Vulnerable Driver” (BYOVD) technique to disable or hamper endpoint protection.

Technical Details

  • Initial Access: Credential theft (phishing, credential reuse, leaked credentials, fake CAPTCHA lures), compromised RMM tools and remote-access products.
  • Lateral Movement & Escalation: Abuse of legitimate remote management tools (AnyDesk, Splashtop, MeshAgent, WinSCP, RMM suites) and elevated credentials to move laterally and reach backup systems and hypervisors.
  • Defense Evasion (BYOVD): Deployment of a signed but vulnerable kernel driver (reported as variants such as TPwSav.sys in observed cases) to disable or….
