Hackers target Windows security experts with fake exploits


Cybersecurity researchers, analyzing proof-of-concept (PoC) exploits published on GitHub, recently found themselves on the receiving end of a Cobalt Strike-powered cyberattack.

It’s common practice for researchers to publish a PoC of recently patched flaws on code repositories, such as GitHub. That way, they can test different solutions among themselves and force admins to apply the fixes as soon as possible.

When Microsoft patched two remote code execution vulnerabilities, tracked as CVE-2022-24500 and CVE-2022-26809, a few PoCs popped up on GitHub, one of them coming from an account named “rkxxz”. 


Cobalt Strike

However, the PoC turned out to be bogus, and what it did instead was install Cobalt Strike beacons on the researchers’ endpoints. Cyble’s researchers told BleepingComputer that the fake PoC was in fact a .NET application that launches a PowerShell script, which in turn executes a gzip-compressed PowerShell script, which injects the beacon into device memory.
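The stage Cyble describes, a PowerShell script that inflates a gzip-compressed, base64-encoded second stage and runs it in memory, leaves a recognisable shape in the script text. The following triage scanner is an added example, not code from the article or from Cyble: it pulls out every base64 run that gunzips cleanly and flags scripts that pair such a blob with an Invoke-Expression loader. The sample loader and its harmless inner script are constructed here for the demonstration.

```python
import base64
import binascii
import gzip
import re
import zlib

# Base64 runs long enough to be an embedded payload rather than an ordinary token.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
GZIP_MAGIC = b"\x1f\x8b"
# Tokens a PowerShell loader needs to inflate and run a compressed stage in memory.
LOADER_MARKERS = ("FromBase64String", "GzipStream", "Decompress", "IEX", "Invoke-Expression")


def extract_gzip_stages(script: str) -> list:
    """Return every embedded base64 blob that decodes to a gzip stream, inflated to text."""
    stages = []
    for match in B64_RUN.finditer(script):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue
        if not raw.startswith(GZIP_MAGIC):
            continue
        try:
            stages.append(gzip.decompress(raw).decode("utf-8", errors="replace"))
        except (OSError, EOFError, zlib.error):
            continue  # gzip header present, but not a complete gzip member
    return stages


def assess(script: str) -> dict:
    """Flag a script that both carries a gzip-compressed stage and executes it via IEX."""
    markers = [m for m in LOADER_MARKERS if m.lower() in script.lower()]
    stages = extract_gzip_stages(script)
    executes = any(m in ("IEX", "Invoke-Expression") for m in markers)
    return {"stages": stages, "markers": markers, "suspicious": bool(stages) and executes}


# Constructed sample mimicking the loader shape: a harmless second stage, gzip-compressed
# and base64-encoded, wrapped in a decompress-and-IEX one-liner (assumed layout).
INNER_STAGE = "Write-Host 'constructed second stage'"
_BLOB = base64.b64encode(gzip.compress(INNER_STAGE.encode(), mtime=0)).decode()
SAMPLE_LOADER = (
    "IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream("
    f"(New-Object IO.MemoryStream(,[Convert]::FromBase64String('{_BLOB}'))),"
    "[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"
)

if __name__ == "__main__":
    print(assess(SAMPLE_LOADER))
```

Running it on a real sample lets an analyst read the inflated stage instead of the opaque blob, which is where indicators such as memory-injection API names would appear.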

Cobalt Strike itself is not malware, but rather a legitimate tool being used for penetration testing. Still, it’s one of cybercriminals’ favorite weapons, ideal for stealthy lateral movement throughout the target network.

In the meantime, the fake PoC was removed, and the account distributing it, banned. 

In the world of cyber-warfare, every now and then, the hunter becomes the game. In late January this year, individuals working for Google’s Threat Analysis Group (TAG) discovered a cyberattack campaign coming out of North Korea that targeted other security researchers. The attack was broad in scope, utilizing blog posts, fake social media profiles, and email accounts to engage with the researchers.

Two months later, in March, the same group discovered another campaign out of North Korea, with the same goal. This time around, the attackers even set up a fake cybersecurity firm, called SecuriElite, through which they invited other researchers for collaborations. However, instead of actually collaborating, the group tried to infect the researchers’ endpoints with malware. 

Via: BleepingComputer

from TechRadar - All the latest technology news https://ift.tt/Yorvq0d
