How Attackers Establish Persistence in Hybrid Environments by Lucie Cardiet

This Vectra AI report explains how attackers achieve persistence in modern hybrid networks, outlining common techniques—backdoors and hidden remote access (hVNC), persistent network tunnels, C2 beacons (e.g., Cobalt Strike), token and identity abuse, and living-off-the-land using legitimate admin tools—and highlights why prevention tools often miss these footholds; it recommends behavior-focused detection across network and identity layers to reveal hidden persistent access.