Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown

by Dan Goodin, from Ars Technica

Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday.

Cobalt Strike is a legitimate security tool used by penetration testers to emulate malicious activity in a network. Over the past few years, malicious hackers, working on behalf of a nation-state or in search of profit, have increasingly embraced the software. For both defender and attacker, Cobalt Strike provides a soup-to-nuts collection of software packages that allow infected computers and attacker servers to interact in highly customizable ways.

The main components of the security tool are the Cobalt Strike client (also known as a Beacon) and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific "malleability" customizations, such as how often the client is to report to the server or specific data to periodically send.
