Cybersecurity researchers have recently uncovered a vast and sophisticated hacker toolkit that provides a comprehensive suite of tools for executing and maintaining cyberattacks. Found in an open directory in December 2023, the discovery offers a rare glimpse into the methodologies and tools employed by modern cybercriminals. The toolkit includes a range of batch scripts and malware targeting both Windows and Linux systems, showcasing the attackers’ ability to compromise systems, maintain long-term control, and exfiltrate data.
Among the most significant tools identified were PoshC2 and Sliver, two well-known command and control (C2) frameworks. Although these open-source tools are typically used by penetration testers and red teams to simulate attacks and test security, they have been repurposed by threat actors for malicious purposes. The presence of these frameworks within the toolkit indicates the attackers’ intent to establish persistent remote access to compromised systems, allowing them to conduct further operations undetected.
In addition to these frameworks, the toolkit contained several custom batch scripts designed to evade detection and manipulate system settings.
Scripts such as atera_del.bat and atera_del2.bat were specifically crafted to remove Atera remote management agents, thereby eliminating traces of legitimate administrative tools. Other scripts, like backup.bat and delbackup.bat, were aimed at deleting system backups and shadow copies, a common tactic employed in ransomware attacks t
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
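The backup and shadow-copy deletion described above is the part of this toolkit a defender can catch earliest, because the commands involved are rarely run by legitimate administrators in quick succession. Below is an added detection example, written for this article rather than taken from it or from any vendor: it parses a constructed set of process-creation events, flags the well-known backup-destruction commands, and escalates a host only when several distinct rules fire within a short window. The log format, the host and user names, and the `AteraAgent` service name are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of process-creation events (timestamp|host|user|parent|command_line).
# This is invented test data, not telemetry from the toolkit described in the article.
SAMPLE_EVENTS = """\
2023-12-04T10:02:11Z|WS01|alice|explorer.exe|WINWORD.EXE report.docx
2023-12-04T10:07:43Z|WS01|SYSTEM|cmd.exe|vssadmin.exe delete shadows /all /quiet
2023-12-04T10:07:44Z|WS01|SYSTEM|cmd.exe|wmic.exe shadowcopy delete
2023-12-04T10:07:45Z|WS01|SYSTEM|cmd.exe|wbadmin.exe delete catalog -quiet
2023-12-04T10:07:46Z|WS01|SYSTEM|cmd.exe|bcdedit.exe /set {default} recoveryenabled no
2023-12-04T10:09:02Z|WS01|SYSTEM|cmd.exe|sc.exe delete AteraAgent
2023-12-04T11:15:00Z|WS02|bob|cmd.exe|vssadmin.exe list shadows
"""

# Assumed Windows service name for the Atera agent; replace with what your inventory shows.
RMM_SERVICE_NAMES = ("AteraAgent",)

# Detection rules: (rule name, regex over the command line). The first four cover the
# backup/shadow-copy destruction the article attributes to the batch scripts; the last
# flags removal of a remote-management service, the Atera-agent removal mentioned above.
RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("wmi_shadow_copy_deletion", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("backup_catalog_deletion",
     re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+(?:catalog|backup|systemstatebackup)\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("rmm_service_removal",
     re.compile(r"\bsc(?:\.exe)?\s+delete\s+(?:" + "|".join(map(re.escape, RMM_SERVICE_NAMES)) + r")\b", re.I)),
]


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    parent: str
    cmdline: str


@dataclass
class Finding:
    rule: str
    event: Event


def parse_events(text):
    """Parse the pipe-delimited sample format; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        ts, host, user, parent, cmdline = parts
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, parent, cmdline))
    return events


def detect(events):
    """Return one Finding per (event, rule) pair whose command line matches."""
    return [Finding(name, ev) for ev in events for name, rx in RULES if rx.search(ev.cmdline)]


def correlate(findings, window=timedelta(minutes=5), min_rules=2):
    """Escalate hosts where at least `min_rules` distinct rules fire inside `window`.

    A read-only 'vssadmin list shadows' never fires; a single deletion is a medium alert;
    several distinct destructive commands in quick succession is the pre-encryption
    pattern worth paging on. Returns {host: sorted rule names} for escalated hosts.
    """
    by_host = {}
    for f in sorted(findings, key=lambda f: f.event.ts):
        by_host.setdefault(f.event.host, []).append(f)
    escalated = {}
    for host, hits in by_host.items():
        for i, first in enumerate(hits):
            rules = {h.rule for h in hits[i:] if h.event.ts - first.event.ts <= window}
            if len(rules) >= min_rules:
                escalated[host] = sorted(rules)
                break
    return escalated


if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_EVENTS))
    for f in found:
        print(f"{f.event.ts:%H:%M:%S} {f.event.host} {f.rule}: {f.event.cmdline}")
    print("escalated:", correlate(found))
```

Run against the sample, the single `vssadmin list shadows` on WS02 produces nothing, while WS01 trips all five rules inside two minutes and is escalated. In a real deployment the same rules would run over Sysmon event ID 1 or Windows Security 4688 command lines; the correlation window is what keeps a one-off administrative shadow-copy cleanup from paging anyone.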
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents