
Sophos Discovers AI-Powered Malware-Testing Framework for EDR Evasion
Tags: News, AI, cybercrime, malware, EDR_evasion, Sophos, threat_actor, Cobalt_Strike, Telegram_C2
Sophos identified a threat actor using AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques. The discovery followed alerts triggered by an anomalous endpoint in a customer environment, which was linked to malicious payloads originating from a testing directory. The framework included Cobalt Strike profiles designed to disguise beacon traffic as legitimate web requests, and it also used a Telegram-based communication channel for command-and-control operations. No specific dates, CVE IDs, or victim details were disclosed in the investigation. The primary impact is the advancement of AI-driven tooling for bypassing security defenses.