Post by Symantec

LATEST: Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft In recent Trigona activity, our Threat Hunter Team observed operators moving away from common exfiltration tools like Rclone and MegaSync, opting to use a custom-built uploader instead. This malware gives attackers tighter control over what they steal, enables them to move high-value data quickly, and helps them remain undetected on the network during the pre-ransomware phase. The latest research explains how this custom exfiltration tool is used in real-world attacks, how attackers impair defenses and harvest credentials prior to data theft, and what security teams should watch for as ransomware operations continue to evolve. 🔗 Read the full analysis: https://bit.ly/4mLcdrj