Tag Archive for: Beacon

Hackers Alter Cobalt Strike Beacon to Target Linux Environments


A significant part of hacking consists of diverting the function of existing systems and software, and hackers often use legitimate security tools to perform cyber attacks.

Pentesting tool Cobalt Strike has been one such target, but what happened recently with a Red Hat Linux version of the Cobalt Strike Beacon is worthy of note. According to cybersecurity researchers, it could be the work of an advanced threat actor.

How is Cobalt Strike Beacon Used in Cyberattacks?

Cobalt Strike is an exploitation platform. The idea is to emulate attacks from advanced adversaries and potential post-exploitation actions.

You can see it as a framework used both by security teams for test purposes and by threat groups. The software creates connections (using Cobalt Strike servers) to attack networks. In addition, it contains many components that are convenient and customizable.

The beacon is the client. That’s why attackers have to install it on the targeted machine, which usually happens after exploiting a vulnerability. If the attack succeeds, hackers can maintain a persistent connection between the beacon and Cobalt Strike rogue servers, sending data periodically.

A New Variant of Cobalt Strike

Cobalt Strike Beacon Linux enables emulation of advanced attacks against a network over HTTP, HTTPS, or DNS.

It provides a console where you can open a beacon session and enter specific commands. The console returns command output and other information. Users get access to a status bar and various menus that extract information and interact with the target’s system.

Beacon’s shell commands are handy for performing various injections, remote command executions, and unauthorized uploads and downloads.

The skilled hackers who implemented this Linux variant achieved tremendous success. Their version has a scary ability to remain undetected. It can get disk partitions, list, write and upload files, and execute commands as well.

The malware has been renamed Vermilion. The name vermilion came from the Old French word vermeillon, which was derived from vermeil, from the Latin vermiculus, the diminutive of the Latin word vermis, or worm.

How Does a Beacon Attack Work?

The Cobalt Strike’s Command and Control…

Source…

Data Breach at KRH May Have Affected 129000 Patients’ Personal Information – Flathead Beacon


All Android Versions Except Oreo Affected By ‘Critical’ Security Flaw – Hi-tech Beacon


A year ago an emergency Android patch was released to combat a rooting application; this vulnerability ultimately gained the "Critical" severity status as the extent of the problem became apparent. A security flaw in Android can surreptitiously grant
Threat Brief: Patch Today and Don't Get Burned by an Android Toast Overlay – Palo Alto Networks Blog
Android Security Bulletin—September 2017 | Android Open Source Project


China Criticizes CIA Director Comments – Washington Free Beacon


On cyber espionage, Kang said China opposes all forms of cyber espionage. "We would like to work with the international community, including the U.S., to forge a peaceful, secure, open, and cooperative cyber space based on the principle of mutual
