Think, Talk, Hack

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. “SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators,” […]

root

Unmasking Cracked Cobalt Strike 4.9: The Cybercriminal’s Tool of Choice

Cobalt Strike, a legitimate commercial penetration testing tool, has inadvertently become a favored instrument among cybercriminals for its efficacy in infiltrating network security. Initially released in 2012 by Fortra (formerly known as Help Systems), Cobalt Strike was designed to aid red teams in identifying vulnerabilities within organizational infrastructures. Despite stringent customer screening and licensing for […]

root

China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons

An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the […]

root

Hackers Using Sliver Framework as an Alternative to Cobalt Strike & Metasploit

Silver is an open-source command-and-control framework that is becoming increasingly popular among malicious actors at current attacks. As threat actors are opting for this option since it offers a viable alternative to commercial tools such as:- Cobalt Strike Metasploit Designed with scalability in mind, the Sliver security testing tool can be used by organizations of […]

root

Chinese APT Hackers Using a Custom Versions of Cobalt Strike to Deploy Backdoor Malware

Security analysts at Trend Micro have recently tracked down ‘Earth Longzhi’, a previously unknown Chinese APT hacking group that is actively targeting several organizations in countries such as:- East Asia Southeast Asia Ukraine With the help of custom versions of Cobalt Strike loaders, the threat actors have been successfully planting persistent backdoors on the systems […]

root

Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software

HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that’s mainly used for adversary simulation, but cracked versions of the software have been actively […]

root

New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. “The payload discovered is a leaked version of a Cobalt Strike beacon,” Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. “The beacon […]

root

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Researchers have disclosed a new offensive framework referred to as Manjusaka that they call is a “Chinese sibling of Sliver and Cobalt Strike.” “A fully functional version of the command-and-control (C2), written in Golang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing […]

root

Researchers Warn of ‘Matanbuchus’ Malware Campaign Dropping Cobalt Strike Beacons

A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection. Available on Russian-speaking cybercrime forums […]

root

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly […]

root

Threat Actors Using Squirrelwaffle Loader to Deploy Qakbot & Cobalt Strike Malware

A new threat emerged recently in the wild that drops malware like Qakbot and Cobalt Strike onto negotiated systems and networks; this new threat is dubbed as “Squirrelwaffle” and threat actors are actively spreading Squirrelwaffle through several malicious email campaigns. Shortly after the disruption of the widely used botnet, Emotet by the law enforcement agencies, […]

root

Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike

A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. “These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of […]

root

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. “These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders,” […]

root

Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide

Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that’s actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool — codenamed “Vermilion Strike” — marks one of the rare Linux ports, […]

root

Email claiming Kaseya patch drops Cobalt Strike malware

The email contains varying subject lines revolving around “order shipping” with messages instructing users to install the patch released by Microsoft. A few days ago, Hackread.com covered how the REvil Ransomware gang attacked an IT company named Kaseya which led to over 1000 businesses being victimized. Although ransom demands were made for publishing the decryptor […]

root

Hotcobalt – Cobalt Strike DoS Vulnerability Allows Blocking C2 Communication

Recently, a Cobalt Strike DoS vulnerability has been detected by the security analysts at SentinelOne. Cobalt Strike is a legitimate attack frame that is quite popular and is build for Red Team Operations. According to the report of security analysts, Cobalt Strike denial of service (DoS) vulnerabilities generally enables blocking beacon command-and-control (C2) communication channels […]

root

Live Cybersecurity Webinar — Deconstructing Cobalt Strike

Organizations’ cybersecurity capabilities have improved over the past decade, mostly out of necessity. As their defenses get better, so do the methods, tactics, and techniques malicious actors devise to penetrate their environments. Instead of the standard virus or trojan, attackers today will deploy a variety of tools and methods to infiltrate an organization’s environment and […]

root