// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-wedgDTG 0600Z
ColdRecon / Breach Radar / Symantec
Breach Record

Symantec

DISCLOSED 2024-07-16 · RANSOMWARE · RANSOMWARE

Killer Ultra malware, used in Qilin ransomware attacks, terminates endpoint security tools by exploiting a vulnerable Zemana AntiLogger driver (CVE-2024-1853). It also clears Windows Event Logs and contains inactive post-exploitation capabilities. The malware targets Symantec, Microsoft Defender, and SentinelOne.

The record

What we know

Disclosed
2024-07-16
Attack vector
Ransomware
RANSOMWARE
Sources

Cited reporting

Similar vector · recent

Other ransomware breaches on file

This page is the permanent ColdRecon entry for the Symantec disclosure. It updates if new public reporting emerges. All tracked breaches →

Symantec just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →