Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks
Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild.
Threat actors re-implemented unofficial Linux and Windows versions of the Cobalt Strike Beacon from scratch and are actively using them in attacks aimed at organizations worldwide.
The Linux version of the commercial post-exploitation tool was codenamed Vermilion Strike and, according to the Intezer researchers who spotted it, is fully undetected by vendors.
“In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. The stealthy sample uses Cobalt Strike’s Command and Control (C2) protocol when communicating to the C2 server and has Remote Access capabilities such as uploading files, running shell commands and writing to files.” reads the analysis published by Intezer.
Intezer researchers reported that the Linux variant has been active in the wild since August; threat actors used it in attacks against telecom companies, government agencies, IT companies, financial institutions and advisory companies.
via Security Affairs https://ift.tt/2ISWpiN
September 13, 2021 at 11:03PM