Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.
Merlin is a Go-based cross-platform post-exploitation toolkit available for free via GitHub, offering extensive documentation for security professionals to use in red team exercises.
As we saw with Sliver, Merlin is now being abused by threat actors who use it to power their own attacks and spread laterally through compromised networks.
CERT-UA has assigned this malicious activity the unique identifier UAC-0154, and the first attacks were recorded on July 10, 2023, when the threat actors used a "UAV training" bait in their emails.
Using open-source tools like Merlin to attack government agencies or other important organizations makes attribution harder, leaving fewer distinct traces that can be linked to specific threat actors.