"Threat Actors Favor Rclone, WinSCP and cURL as Data Exfiltration Tools"
The top three data exfiltration tools used by threat actors between September 2023 and July 2024 were Rclone, WinSCP, and cURL, according to ReliaQuest. Data exfiltration may involve threat actor–owned infrastructure or third-party cloud services. ReliaQuest says most high-profile ransomware groups, such as "LockBit," "Black Basta," and "BlackSuit," use the top three tools. This article continues to discuss key findings regarding the top data exfiltration tools used by threat actors.
Submitted by grigby1
Submitted by grigby1 CPVI
on