Pointing a Cursor at evading detection
ID: b97537a6-340e-54e5-a3ed-9593467b9b15
STIX ID: report--b97537a6-340e-54e5-a3ed-9593467b9b15
Feed Name: Sophos Blogs
Executive summary: Sophos X-Ops uncovered a threat actor using AI-assisted development and orchestration to build and iterate a red-team-style testing framework that generated and tested dozens of EDR-evasion modules (Cobalt Strike profile tuning, a Telegram bot C2 channel, shellcode injection scripts, Cloudflare fronting, and a modular Rust/Go payload loader). The repository and VM lab showed automated Active Directory (AD) discovery, AI agent orchestration, and iterative testing against Sophos, CrowdStrike, and Windows Defender agents. Sophos links the tooling to known ransomware and data-theft activity and recommends standard defense-in-depth mitigations.
