// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
ColdRecon / Breach Radar / Carbon Black
Breach Record

Carbon Black

DISCLOSED 2025-07-31 · RANSOMWARE · RANSOMWARE

The Qilin ransomware group has adopted a bring-your-own-vulnerable-driver (BYOVD) technique using the legitimate but vulnerable Toshiba driver TPwSav.sys to disable endpoint detection and response (EDR) systems. The attack chain involves DLL sideloading via a Carbon Black update tool and a customized EDRSandblast tool to achieve kernel-level memory manipulation. This allows...

The record

What we know

Disclosed
2025-07-31
Attack vector
Ransomware
RANSOMWARE
Sources

Cited reporting

Similar vector · recent

Other ransomware breaches on file

This page is the permanent ColdRecon entry for the Carbon Black disclosure. It updates if new public reporting emerges. All tracked breaches →

Carbon Black just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →