Halcyon Threat Insights 001: January 2024
ID: 3322274f-feb1-51bc-8c34-f8b548179ab9
STIX ID: report--3322274f-feb1-51bc-8c34-f8b548179ab9
Feed Name: Halcyon Blog
**Executive Summary:** Halcyon’s Q4-2023 threat report highlights that IT, Education, and Finance were the most targeted verticals. It details detections and blocks for multiple high-risk threats, including GhostPack Certify (AD CS misconfiguration exploitation), the stealthy Babar trojan, QakBot banking malware, and an Akira ransomware attack that encrypted workstations and servers and destroyed backups. It also notes frequent use of red-team and attacker tools (e.g., Mimikatz, SharpHound) and the platform’s ability to restore and expel attackers without paying ransom.
