Security News > 2023 > August > Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.
Merlin is a Go-based cross-platform post-exploitation toolkit available for free via GitHub, offering extensive documentation for security professionals to use in red team exercises.
As we saw with Sliver, Merlin is now being abused by threat actors who use it to power their own attacks and spread laterally through compromised networks.
CERT-UA has assigned this malicious activity the unique identifier UAC-0154, and the first attacks were recorded on July 10, 2023, when the threat actors used a "UAV training" bait in their emails.
Using open-source tools like Merlin to attack government agencies or other important organizations makes attribution harder, leaving fewer distinct traces that can be linked to specific threat actors.
Charming Kitten hackers use new 'NokNok' malware for macOS. Popular open source project Moq criticized for quietly collecting data.
News URL
Related news
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Evilginx: Open-source man-in-the-middle attack framework (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)