Security News > 2021 > September > Hacker-made Linux Cobalt Strike beacon used in ongoing attacks
An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide.
Cobalt Strike is also used by threat actors for post-exploitation tasks after deploying so-called beacons, which provide persistent remote access to compromised devices.
Cobalt Strike has always had a weakness - it only supports Windows devices and does not include Linux beacons.
In a new report by security firm Intezer, researchers explain how threat actors have taken it upon themselves to create their Linux beacons compatible with Cobalt Strike.
Intezer researchers, who first spotted the beacon re-implementation in August and dubbed it Vermilion Strike, said that the Cobalt Strike ELF binary [VirusTotal] they discovered is currently fully undetected by anti-malware solutions.
Vermilion Strike comes with the same configuration format as the official Windows beacon and can speak with all Cobalt Strike servers, but doesn't use any of Cobalt Strike's code.
News URL
Related news
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)