Fake Windows exploits target infosec community with Cobalt Strike
2022-05-23 20:12

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.

Threat actors commonly use proof-of-concept exploits to conduct attacks or spread laterally within a network.

Last week, a threat actor published two proof-of-concept exploits on GitHub for the Windows CVE-2022-24500 and CVE-2022-26809 vulnerabilities.

It soon became apparent that these proof-of-concept exploits were fake and installed Cobalt Strike beacons on people's devices.

Cobalt Strike is a legitimate pentesting tool that threat actors commonly use to breach and spread laterally through an organization.

In March 2021, North Korean hackers again targeted the infosec community by creating a fake cybersecurity company called SecuriElite.


News URL

https://www.bleepingcomputer.com/news/security/fake-windows-exploits-targets-infosec-community-with-cobalt-strike/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-04-15 | CVE-2022-26809 | Unspecified vulnerability in Microsoft products; Remote Procedure Call Runtime Remote Code Execution Vulnerability; network; low complexity; microsoft | critical 9.8
2022-04-15 | CVE-2022-24500 | Unspecified vulnerability in Microsoft products; Windows SMB Remote Code Execution Vulnerability; network; low complexity; microsoft | 8.8