Tag
high
advisory
GenAI Tools Accessing Sensitive Files for Credential Access and Persistence
2 rules 4 TTPsThis threat brief details the detection of GenAI tools accessing sensitive files containing credentials, SSH keys, browser data, and shell configurations, indicating potential credential harvesting and persistence attempts by attackers leveraging GenAI agents.
Elastic Endpoint Security
genai
credential-access
persistence
collection
2r
4t
high
advisory
GenAI Tool Access to Sensitive Files for Credential Harvesting and Persistence
2 rules 4 TTPsThis brief outlines the threat of attackers leveraging GenAI tools to access sensitive files containing credentials, SSH keys, browser data, and shell configurations for credential access and persistence.
credential-access
genai
file-access
persistence
2r
4t
medium
advisory
GenAI Process Connection to Unusual Domain on macOS
2 rules 1 TTPThis rule detects GenAI tools on macOS connecting to unusual domains, potentially indicating command and control activity, data exfiltration, or malicious payload retrieval following compromise via prompt injection, malicious MCP servers, or poisoned plugins.
Copilot +22
genai
command and control
macos
network connection
2r
1t