Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
26 March 2024
Agenda ransomware group uses RMM tools, as well as Cobalt Strike for deployment of the ransomware binary. It can also propagate via PsExec and SecureShell, while also making use of different vulnerable SYS drivers for defense evasion.