-
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows.
- August 23, 2024
- 12:31 PM
0
-
Fake US govt job offers push Cobalt Strike in phishing attacks
A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices.
- September 30, 2022
- 12:33 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity.
- September 07, 2022
- 09:09 AM
- 4
-
LockBit ransomware abuses Windows Defender to load Cobalt Strike
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.
- July 29, 2022
- 10:29 AM
- 5
-
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.
- June 15, 2022
- 03:05 PM
- 0
-
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
- May 21, 2022
- 11:16 AM
- 0
-
Hive ransomware uses new 'IPfuscation' trick to hide payload
Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, involving IPv4 addresses and a series of conversions that eventually lead to downloading Cobalt Strike beacons.
- March 30, 2022
- 10:12 AM
- 0
-
Vulnerable Microsoft SQL Servers targeted with Cobalt Strike
Threat analysts have observed a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers, leading to deeper infiltration and subsequent malware infections.
- February 22, 2022
- 01:08 PM
- 0
-
FIN12 hits healthcare with quick and focused ransomware attacks
While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets.
- October 07, 2021
- 01:53 PM
- 0
-
Hacker-made Linux Cobalt Strike beacon used in ongoing attacks
An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide.
- September 13, 2021
- 10:00 AM
- 0
-
New Cobalt Strike bugs allow takedown of attackers’ servers
Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments.
- August 04, 2021
- 09:00 AM
- 0
-
SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader
The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network.
- January 19, 2021
- 02:09 PM
- 0
-
BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware
A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
- April 24, 2020
- 01:14 PM
- 2
-
Threat Actors Use Older Cobalt Strike Versions to Blend In
Plenty of outdated Cobalt Strike servers exist in the wild, helping cybercriminals or giving security professionals the upper hand when testing corporate defenses; and they can be easily identified to stifle intrusions of any purpose.
- June 18, 2019
- 11:26 AM
- 0
-
Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer.
- February 25, 2019
- 04:08 PM
- 1
