1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Attackers abuse red teaming tool to deploy Brute Ratel

    From TechnologyDaily@1337:1/100 to All on Thu Sep 5 14:15:05 2024
    Attackers abuse red teaming tool to deploy Brute Ratel

    Date:
    Thu, 05 Sep 2024 14:13:00 +0000

    Description:
    Cisco Talos says different groups around the world are abusing the MacroPack framework do deploy malware.

    FULL STORY ======================================================================

    Hackers are using the MacroPack framework to generate weaponized Microsoft Office documents. These documents, in turn, deploy different malware to their targets, including Blue Ratel, PhantomCore, and Havoc.

    This is according to a new report from cybersecurity researchers Cisco Talos. In a detailed analysis published earlier this week, the researchers said they spotted what appear to be multiple threat actor groups abusing MacroPack in their malicious campaigns.

    The MacroPack framework is a legitimate tool used to create and manipulate Microsoft Office documents with embedded macros, often used in cybersecurity contexts for penetration testing and red teaming. It allows users to automate the generation of documents that can execute payloads or scripts, which can
    be exploited by attackers to deliver malicious code. MacroPack Abuse

    As explained in the report, the researchers took multiple files uploaded to the VirusTotal database, and came to the conclusion that at least four different groups are abusing MacroPack. One is from China, Taiwan, and Pakistan, and it was active between May and July this year, distributing
    Brute Ratel and Havoc. The C2 servers for this campaign were located in
    Henan, China. One is in Pakistan, impersonating the Pakistan Air Force, and distributing Brute Ratel. One is in Russia, dropping PhantomCore, and the
    last one is in the US, and was deploying a previously unknown malware labeled mshta.exe.

    Brute Ratel is a sophisticated red-teaming and adversary simulation tool designed for offensive cybersecurity professionals. It helps simulate
    advanced persistent threat (APT) attacks by mimicking real-world tactics, techniques, and procedures (TTPs) used by cyber adversaries. The tool is used to test and improve the defenses of organizations by evaluating their
    security posture against complex attacks. As such, it is seen as an alternative to Cobalt Strike, another legitimate tool which was abused to the point that antivirus programs started flagging it.

    Via BleepingComputer More from TechRadar Pro BlackCat ransomware could be about to get a whole lot nastier Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/attackers-abuse-red-teaming-tool-to-deploy-brute -ratel


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)