Between August 7 and 14, 2024, Blackpoint’s Security Operations Center (SOC) responded to 105 total incidents across Microsoft 365, Google Workspace, and other MDR-protected environments, with confirmed or likely threat actor use of:
- Raspberry Robin for persistence;
- ScreenConnect and AteraAgent for persistence; and
- RDP, whoami, and SharpShares for initial access and discovery.
In this blog, we’ll dive into the details behind these select incidents, including why they’re important for partners to account for today – even if they’ve not been attacked yet! – as well as possible mitigations leveraging your current tech stack and Blackpoint Cyber.