Security News > 2023 > August > Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.
Merlin is a Go-based cross-platform post-exploitation toolkit available for free via GitHub, offering extensive documentation for security professionals to use in red team exercises.
As we saw with Sliver, Merlin is now being abused by threat actors who use it to power their own attacks and spread laterally through compromised networks.
CERT-UA has assigned this malicious activity the unique identifier UAC-0154, and the first attacks were recorded on July 10, 2023, when the threat actors used a "UAV training" bait in their emails.
Using open-source tools like Merlin to attack government agencies or other important organizations makes attribution harder, leaving fewer distinct traces that can be linked to specific threat actors.
Charming Kitten hackers use new 'NokNok' malware for macOS. Popular open source project Moq criticized for quietly collecting data.
News URL
Related news
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- New open-source project takeover attacks spotted, stymied (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)