It'll be back: Attackers still abusing Terminator tool and variants
released on 2024-03-06 @ 03:25:37 PM
A threat intelligence report describes that threat actors continue to leverage vulnerable drivers like Zemana Anti-Logger and Anti-Malware to disable security products through Bring Your Own Vulnerable Driver attacks. Variants of the Terminator tool that exploits these drivers are still observed in the wild. The actors use the drivers for lateral movement and privilege escalation as part of ransomware campaigns targeting healthcare and other industries.