Mark Parsons
Mark Parsons is a threat hunter for Sophos Managed Detection and Response. He specializes in threat hunting, digital forensics, and incident response. Previous notable achievements include identifying multi-month nation-state intrusions; working with multiple states’ cybersecurity programs before, during, and after the 2020 election cycle to improve their detection and response capabilities; finding rarely seen (second-reporter) bugs in Microsoft Azure/CAP logs; and identifying multiple initial access brokers before their targets were compromised by second actors.
Content by Mark Parsons

GOLD BLADE remote DLL sideloading attack deploys RedLoader
July 29, 2025
Tags: Threat Research, .lnk, cybercrime, DLL sideloading, Featured, GOLD BLADE, RedLoader, Sophos X-Ops, webdav

Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
January 21, 2025
Tags: Security Operations, Threat Research, Black Basta, Featured, Fin7, Java malware, legitimate service abuse, Microsoft Office 365, python malware, Quick Assist, remote machine management, Sophos X-Ops, STAC5143, stac5777, Teams

Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
December 19, 2024
Tags: Security Operations, Threat Research, CloudFlare, Featured, FlowerStorm, legitimate service abuse, Phishing, phishing-as-a-service, Rockstar, Rockstar2FA, Sophos MDR, Sophos X-Ops

Crimson Palace returns: New Tools, Tactics, and Targets
September 10, 2024
Tags: Security Operations, Threat Research, BackdoorDiplomacy, Chinese APT, Crimson Palace, Earth Longzhi, Featured, MDR, REF5961, Sophos X-Ops, TA428, Unfading Sea Haze

Sophos MDR hunt tracks Mimic ransomware campaign against organizations in India
August 7, 2024
Tags: Security Operations, Featured, human-led threat hunting, MDR, Microsoft SQL Server, Mimic Ransomware, Sophos X-Ops

Operation Crimson Palace: A Technical Deep Dive
June 5, 2024
Tags: Security Operations, Threat Research, china, Crimson Palace, EAGERBEE, Earth Longzhi, MDR, Sophos X-Ops

Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
June 5, 2024
Tags: Threat Research, BackdoorDiplomacy, china, EAGERBEE, Earth Longzhi, Featured, RUDEBIRD, Sophos X-Ops, state actors, TA428, threat-hunting, Worok