In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver.
According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of the Mysterious Werewolf cluster that leveraged the Mythic framework in one of its campaigns. In this research, we explore two campaigns based on the Havoc framework.
Read more…
Source: BI.ZONE
Related:
- Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
May 13, 2019
A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices. Named Thrangrycat, the vulnerability impacts the Trust Anchor module (TAm), a proprietary hardware security chip part of Cisco gear since 2013. This module is the Intel SGX equivalent for Cisco devices. The TAm ...
- Two years after WannaCry, a million computers remain at risk
May 12, 2019
Two years ago today, a powerful ransomware began spreading across the world. WannaCry spread like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands cryptocurrency in ransom to unlock them, had spread across ...
- ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
May 11, 2019
The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in a campaign that continued over the course of 2018, the group used ...
- North Korea debuts new Electricfish malware in Hidden Cobra campaigns
May 10, 2019
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have released a joint security advisory warning of a new strain of malware being used in North Korean cyberattacks. Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and ...
- Lax Telco Security Allows Mobile Phone Hijacking and Redirects
May 9, 2019
As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for ...
- FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
May 8, 2019
On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to ...