
Conti ransomware affiliate goes rogue, leaks “gang data”
2021-08-06 18:52

Inside a hacking tool that helps you exploit security holes.

Today's data breach includes a bunch of hacking tools that ransomware crooks love to use.

Sadly, the data leaked by the disaffected affiliate doesn't really amount to much.

ATK/PowSploit-E <- Kerberoast, used for attacking Active Directory logons
ATK/Cobalt-* <- "Cobalt Strike", a complete botnet system for "threat emulation"
ATK/Shellcode-* <- Exploit injectors included in Cobalt Strike
Troj/Agent-* <- Various backdoor "zombie" modules included in Cobalt Strike
GMER <- Popular detector/remover for rootkits
Harmony Loader <- Toolkit for fileless execution of programs via C-Sharp
PC Hunter <- Low-level security spelunking tool
PowerTool <- Another low-level security spelunking tool
Stas'M Router Scan <- Scans and looks for holes in routers, Wi-Fi access points and more

If your security tools raise a "Cobalt Strike" alert, or report anything relating to the techniques and tools mentioned above, we recommend that you investigate immediately, even if your cybersecurity software tells you that it automatically blocked and removed the rogue software that caused the alert.
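To make the advice above concrete, here is an added triage example (not code from the original article or from Sophos) that takes the detection families listed above and flags any matching endpoint alert for investigation even when the product reports it as blocked or cleaned. The alert line format and the sample alerts are constructed for the example.

```python
from collections import namedtuple
from fnmatch import fnmatchcase
from typing import List, Optional
# Detection-name families called out above; "*" is the wildcard as written there.
TRIAGE_FAMILIES = {
    "ATK/PowSploit-E": "Kerberoast (Active Directory logon attack)",
    "ATK/Cobalt-*": "Cobalt Strike component",
    "ATK/Shellcode-*": "Cobalt Strike exploit injector",
    "Troj/Agent-*": "backdoor/zombie module",
}

Alert = namedtuple("Alert", "when host detection action")  # action: what the product did

def parse_alert(line: str) -> Optional[Alert]:
    # Constructed line format (assumed): "<time> <host> <detection> <action>"
    parts = line.split()
    return Alert(*parts) if len(parts) == 4 else None

def triage_family(detection: str) -> Optional[str]:
    # Map a detection name to a family description, or None if not on the list.
    for pattern, description in TRIAGE_FAMILIES.items():
        if fnmatchcase(detection, pattern):
            return description
    return None

def alerts_to_investigate(lines: List[str]) -> List[dict]:
    # Flag matching alerts whatever the product action: "cleaned" still means investigate.
    hits = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue  # malformed line
        family = triage_family(alert.detection)
        if family is not None:
            hits.append({"host": alert.host, "detection": alert.detection,
                         "family": family, "auto_action": alert.action})
    return hits

# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    "2021-08-06T10:01:00Z ws-17 ATK/Cobalt-B cleaned",
    "2021-08-06T10:02:30Z ws-17 ATK/Shellcode-AZ blocked",
    "2021-08-06T10:05:12Z dc-01 ATK/PowSploit-E quarantined",
    "2021-08-06T10:06:00Z ws-22 Mal/Example-A cleaned",
    "malformed line with no structure",
]

if __name__ == "__main__":
    for hit in alerts_to_investigate(SAMPLE_ALERTS):
        print(f"INVESTIGATE {hit['host']}: {hit['detection']} ({hit['family']}); "
              f"product action was '{hit['auto_action']}'")
```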

The good news here is that the leaked data doesn't really tell us anything we didn't already know, or introduce any new tools or techniques that the typical cybercrook didn't already know about, either.

News URL

https://nakedsecurity.sophos.com/2021/08/06/conti-ransomware-affiliate-goes-rogue-leaks-company-data/