Hacker-made Linux Cobalt Strike beacon used in ongoing attacks (September 2021)
An unofficial Linux version of the Cobalt Strike Beacon, written from scratch by unknown threat actors, has been spotted by security researchers while being actively used in attacks targeting organizations worldwide.
Cobalt Strike is also used by threat actors for post-exploitation tasks after deploying so-called beacons, which provide persistent remote access to compromised devices.
Cobalt Strike has always had a weakness - it only supports Windows devices and does not include Linux beacons.
In a new report by security firm Intezer, researchers explain how threat actors have taken it upon themselves to create their own Linux beacons compatible with Cobalt Strike.
Intezer researchers, who first spotted the beacon re-implementation in August and dubbed it Vermilion Strike, said that the Cobalt Strike ELF binary [VirusTotal] they discovered is currently fully undetected by anti-malware solutions.
Vermilion Strike comes with the same configuration format as the official Windows beacon and can speak with all Cobalt Strike servers, but doesn't use any of Cobalt Strike's code.