
Cactus Ransomware: Qlik Sense Exploitation
An internet-facing Qlik Sense analytics server is exploited and turned into the launch point for a Cactus ransomware intrusion. Within a day the operator persists with a rogue remote-access agent, dumps domain-admin credentials from memory, pivots by RDP to the domain controller and backup servers, steals engineering data to cloud storage, and deploys ransomware. Work the Qlik web logs, the endpoint process tree and the perimeter traffic to reconstruct the intrusion end to end and tell the abuse apart from a heavy baseline of normal analytics and remote-access activity.
Launches in 5 days
Tuesday, July 14, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
What you'll investigate
8 objectives unlock when this operation goes live.
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 14, 2026, you can jump straight in.
Get Started FreeNo credit card required — free forever