Agenda (Qilin) weaponizes Linux binaries against Windows
🛡️ Trend Micro reports that the Agenda (Qilin) ransomware group is running a Linux-based encryptor on Windows hosts to evade Windows-only detections. The actors abused legitimate RMM and file-transfer tools — including ScreenConnect, Splashtop, Veeam, and ATERA — to maintain persistence, move laterally, and execute payloads. They combined social engineering, credential theft, SOCKS proxy injection, and BYOVD driver tampering to disable EDR and compromise backups, impacting more than 700 victims since January 2025.
