hoogleagle.blogg.se

What is a cobalt strike beacon

Threat actor ports Cobalt Strike beacon to Linux, uses it in attacks

A newly discovered hacking group has used a customized and enhanced version of a popular security tool to orchestrate attacks against a wide range of targets across the world over the month of August 2021. The attacks targeted telecom companies, government agencies, IT companies, financial institutions, and advisory companies.

Codenamed Vermilion, the threat actor modified a version of Cobalt Strike, a penetration testing toolkit developed by security software firm HelpSystems. While the tool was developed to help security firms emulate techniques used by threat actors as part of penetration tests, the tool's advanced features have also made it a favorite among cybercrime groups.

Over the past few years, the Cobalt Strike toolkit has been cracked, pirated, and widely adopted by malware operations, according to research from Intel 471, Proofpoint, and a Recorded Future report that found that Cobalt Strike and fellow penetration testing tool Metasploit accounted for more than a quarter of all the malware command and control (C&C) servers deployed in 2020.

Under the hood, the tool uses a server-client architecture, allowing security researchers (or malware authors) to use its server-side component to attack systems and deploy a backdoor called the Cobalt Strike Beacon, which is typically used to deploy additional Cobalt Strike components on infected systems. The Beacon backdoor is only available for Windows systems, and because of its widespread abuse in recent years, security software often has good detection capabilities for this particular payload.







