Earlier this year, security researchers reported the use of legitimate security tools in multiple attacks against Ukrainian organizations, including government agencies, non-profits, and tech companies.
According to a Microsoft report, the legitimate security tools used included Impacket, a penetration testing tool.
The same tool showed up earlier this month in an attack by Russian state-sponsored group Sandworm, which tried to take down a large Ukrainian energy provider, according to the Computer Emergency Response Team of Ukraine.
Now that same security tool has been identified as the number one global threat among customers of Red Canary, a managed detection and response company.