Wreaking havoc in cyberspace: threat actors experiment with pentest tools


In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver.

According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of the Mysterious Werewolf cluster that leveraged the Mythic framework in one of its campaigns. In this research, we explore two campaigns based on the Havoc framework.

Read more…
Source: BI.ZONE


Sign up for our Newsletter


Related:

  • Fintech giant Finastra confirms it’s investigating a data breach

    November 20, 2024

    Finastra, a London-based financial software company that serves most of the world’s top banks, has confirmed it’s investigating a data breach after a hacker claimed a compromise of the company’s internal file-transfer platform. In a statement given to TechCrunch, Finastra spokesperson Sofia Romano confirmed the fintech giant detected what it calls “suspicious activity” related to an ...

  • Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware

    November 20, 2024

    Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least ...

  • Sitting Duck Cyber Attacks – Warning Issued As Websites Targeted

    November 20, 2024

    A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts. The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber ...

  • Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated)

    November 20, 2024

    Palo Alto Networks and Unit 42 are engaged in tracking a limited set of exploitation activity related to CVE-2024-0012 and and CVE-2024-9474 and are working with external researchers, partners, and customers to share information transparently and rapidly. Fixes for both vulnerabilities are available. Please refer to the Palo Alto Networks Security Advisories (CVE-2024-0012, CVE-2024-9474) for additional details. ...

  • Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

    November 19, 2024

    LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. While some vendors suspect that the actor using LODEINFO might be APT10, we don’t have enough evidence to fully support this speculation. Currently, we view APT10 and Earth Kasha as different entities, although they ...

  • Scammer Black Friday offers: Online shopping threats and dark web sales

    November 19, 2024

    The e-commerce market continues to grow every year. According to FTI consulting, in Q1 2024, online retail comprised 57% of total sales in the US, and it is expected to increase by 9.8% over 2023 by the end of this year. In Europe, 72% of those aged 16–74 buy online, their share growing by the year. ...