Linux Implementation of Cobalt Strike Beacon Employed by Hackers in Attacks Worldwide

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Security experts have detected an unauthorized Linux version of the Cobalt Strike Beacon, created by malicious attackers, that is actively being used to attack organizations worldwide. Cobalt Strike is a legitimate penetration testing tool built as attack infrastructure for red teams (security teams that act as attackers to find security flaws in their own organization's infrastructure).
Malicious attackers often use Cobalt Strike for post-exploitation tasks (it is frequently dropped in ransomware campaigns) after planting so-called beacons that give persistent remote access to affected machines. Using beacons, attackers can later access compromised servers to collect data or distribute additional malware payloads.
Over time, cybercriminals acquired cracked copies of Cobalt Strike and circulated them, making it one of the most prevalent tools in cybersecurity threats that culminate in data theft and extortion. Cobalt Strike, however, has always had one limitation: it supports only Windows devices and therefore does not include Linux beacons.
In a new analysis, researchers at the security company Intezer describe exactly how threat actors have chosen to build their own Cobalt Strike-compatible Linux beacons. Using these beacons, malicious actors can now maintain and exercise remote control over both Windows and Linux devices.
The undiscovered variant — dubbed “Vermilion Strike” — of the penetration testing program is one of the uncommon Linux ports, typically a Windows-based red team instrumen

[…]