Security News > 2022 > July > Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection
Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection.
Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "Designed to avoid detection by endpoint detection and response and antivirus capabilities."
BRc4 is equipped with a wide variety of features, such as process injection, automating adversary TTPs, capturing screenshots, uploading and downloading files, support for multiple command-and-control channels, and the ability to keep memory artifacts concealed from anti-malware engines, among others.
The artifact, which was uploaded from Sri Lanka, masquerades as a curriculum vitae of an individual named Roshan Bandara but in reality is an optical disc image file that, when double-clicked, mounts it as a Windows drive containing a seemingly harmless Word document that, upon launching, installs BRc4 on the user's machine and establishes communications with a remote server.
The investigation has since unearthed seven more BRc4 samples dating back to February 2021.
"Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities."
News URL
https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html
Related news
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)