Windows Defender Scares Users With Warnings About Mimikatz And Cobalt Strike

✨ Megiddo

The warnings turned out to be false and were caused by an incorrect rule passed to the software.


Users of the Microsoft Defender Advanced Threat Protection (ATP) security solution reported receiving warnings about Cobalt Strike and Mimikatz threats, which turned out to be false.

Microsoft Defender ATP antivirus is intended only for corporate users with a valid Microsoft 365 E5 license. Microsoft Defender ATP helps corporate users stay protected from cybersecurity threats, such as malicious apps and dangerous websites that can be used to steal information. The platform also enables information security professionals to prevent, detect and investigate cybersecurity incidents in enterprises.
Microsoft Defender ATP has caused some users to panic by showing several warnings about the dangerous threat Cobalt Strike. Other users reported seeing warnings about Mimikatz. In both cases, the notifications were found to be false.

Presumably, the problem was caused by an incorrect rule passed to Defender ATP, and Microsoft resolved the issue within a few hours.
“We have addressed an issue that was causing false positives and fixed notifications that some customers might receive,” a Microsoft spokesman said.

Cobalt Strike is a penetration testing tool that attackers often use for its advanced capabilities, including in attacks involving Ryuk, Sodinokibi and other ransomware. Mimikatz is a post-exploitation tool designed to steal passwords from compromised systems. It has also been used by many cybercriminal APT groups.