The Record -
A newly discovered hacking group has used a customized and enhanced version of a popular security tool to orchestrate attacks against a wide range of targets across the world over the month of August 2021.
The attacks targeted telecom companies, government agencies, IT companies, financial institutions, and advisory companies.
Codenamed Vermilion, the threat actor modified a version of Cobalt Strike, a penetration testing toolkit developed by security software firm HelpSystems.
While the tool was developed to help security firms emulate techniques used by threat actors as part of penetration tests, its advanced features have also made it a favorite among cybercrime groups.
Over the past few years, the Cobalt Strike toolkit has been cracked, pirated, and widely adopted by malware operations, according to research from Intel 471, Proofpoint, and a Recorded Future report that found that Cobalt Strike and fellow penetration testing tool Metasploit accounted for more than a quarter of all the malware command
The post "Threat actor ports Cobalt Strike beacon to Linux, uses it in attacks" was first published at The Record.