Sophos X-Ops analysts reported that an unidentified threat actor is using AI to automate evasion testing against endpoint detection and response (EDR) products. The attackers built malware testing environments that use Python scripts, some of them AI-generated, to run samples against EDR solutions including Sophos, CrowdStrike, and Windows Defender and record which ones are detected.
This setup lets the attackers iteratively develop and refine malware, building on published vendor research to identify evasion tactics that map to known frameworks such as MITRE ATT&CK. Although the attackers are using sophisticated tooling, organizations are reminded that foundational cybersecurity practices, such as timely patching and multifactor authentication, still do most of the work in blunting these campaigns.