- Jul 19, 2022

Hackers successfully use Brute Ratel C4

According to research by Palo Alto Networks, although Cobalt Strike has been the most widely used tool to gain remote access to organizational endpoints, the Brute Ratel C4 payload (called "badger") is somewhat less well detected by antimalware vendors as a malicious tool. Even more, the techniques used by Brute Ratel are specifically designed to evade detection by antimalware and EDR tools. This includes in-memory payload as well as DLL API proxying to legitimate DLLs.

Brute Ratel's line of attack is apparently successful, as one of the files delivering the Brute Ratel C4 payload - a remote access payload similar to Cobalt Strike's Beacon - was not initially flagged as malicious by the security tools used by VirusTotal.

There are ransomware groups interested not only in using Brute Ratel, but also in setting up fake companies so they can buy licenses to use it.

Read attack details at Help Net Security.

Moscow OT Infrastructure Breached: the Lessons

Here we go again: A Public-Facing Vulnerability in Palo Alto Networks Firewalls

Supply chain attack against open source?

Ransomware accelerates the move to cloud services? The British Library case

The latest SEC cybersecurity incident disclosures - what's the result so far?

UnitedHealth ransomware attack - what's behind it?

Business Email Compromise (BEC), more costly than ransomware?

Latest Exchange vulnerability not serious, but a warning for customers

The Ivanti Blunder - Consider the Risks

Another Vulnerability, Another Scramble for Patching - This Time Fortinet