A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused on evading detection. The environment contained Cobalt Strike profiles designed to disguise beacon traffic as legitimate web requests, a Telegram-based … More → The post Sophos uncovers AI-powered malware lab built for EDR evasion appeared first on Help Net Security .