THREAT ALERT: DarkGate Loader
ID: b5dabc98-f31e-52ea-8e17-73b2b88c2468
STIX ID: report--b5dabc98-f31e-52ea-8e17-73b2b88c2468
Feed Name: Cybereason Blog
Cybereason warns of DarkGate Loader, an AutoIt-based loader distributed via phishing PDFs that decrypts and injects payloads to deploy post-exploitation tools (Cobalt Strike, Meterpreter). The alert describes a fast-moving infection chain with lateral movement to critical infrastructure, detection capabilities in the Cybereason platform, and recommended mitigations such as application control, variant payload prevention, hunting queries, and blocking IoCs.
