Ransomware group Storm-0249 exploits EDR tools like SentinelOne to stealthily execute malware. Using social engineering, they trick users into running malicious commands that lead to DLL side-loading, making attacks appear as normal EDR processes, thus evading detection. Recommendations include behavior-based detection and stricter controls on execution of potentially harmful commands.
Ransomware IAB Abuses EDR for Stealthy Malware Execution

