In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular than Cobalt Strike, Metasploit, and Sliver.
According to BI.ZONE Threat Intelligence, adversaries employ this C2 framework in an attempt to evade cybersecurity systems, which may not flag an unknown program as malicious. For instance, the Mysterious Werewolf cluster took this approach when it leveraged the Mythic framework in one of its campaigns. In this research, we explore two campaigns based on the Havoc framework.
Source: BI.ZONE