Connect with us

Linux variant of Cobalt Strike Beacon attacks organizations around the world



Cobalt Strike Beacon, codenamed Vermilion Strike, is practically undetectable by antivirus software.

Researchers of the Israeli information security company Intezer told about recently discovered new versions of Cobalt Strike Beacon for Linux and Windows, used by hackers in attacks on government organizations, banks, telecommunications and IT companies.

The version of Cobalt Strike Beacon, code-named Vermilion Strike, which has not yet been detected by antivirus solutions, is a rare case of porting to Linux a tool traditionally used by red teams of security testers on Windows machines.

The Cobalt Strike developers position their product as “threat emulation software”, and Beacon, in turn, acts as a model of the attacker and simulates his actions after the initial breach.

Vermilion Strike uses the Cobalt Strike C&C protocol to connect to the C&C server. In addition, it is equipped with the functions of downloading files, running shell commands and writing to files.

The research of specialists is based on the artifacts they discovered, uploaded to VirusTotal on August 10, 2021 from Malaysia. At the time of writing, only two antivirus solutions have detected Vermilion Strike files as malicious.

Once installed, the malware runs in the background and decrypts the configurations required for Beacon to function. It then creates a fingerprint of the compromised Linux machine and establishes a connection to the remote server via DNS or HTTP and extracts the instructions, encoded with base64 and encrypted using AES. These instructions allow the malware to run arbitrary commands, write to files, and upload files to the server.

During the research, the specialists also found samples that shed light on the version of Vermilion Strike for Windows with the same functionality and C&C domains used to manage hosts.

According to the researchers, the spy campaign is very limited in scope. Unlike large operations, malware is used only in certain attacks, which indicates a “skilled attacker”.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Vice Society ransomware attacked a network of medical facilities in California



The ransomware said that they do not care who to attack, and they will not make exceptions for hospitals.

United Health Centers, a California-based network of medical facilities, was subjected to a ransomware cyberattack that disrupted all of its centers and leaked patient data.

United Health Centers has 21 public health centers in California counties such as Fresno, Kings and Tulare.

On August 31 of this year, BleepingComputer learned from an informed source from the information security community that United Health Centers’ medical facilities suffered from an attack by the Vice Society cyber ransomware group, as a result of which they had to turn off their entire network and IT systems and start restoring files from backup copies. However, representatives of United Health Centers did not comment on this information in any way.

This week, the Vice Society released files allegedly stolen in the August attack on United Health Centers. They contain sensitive information, including about beneficiary patients, financial records, test results and examinations. However, the organization remains silent.

The Vice Society is a relatively new cyber ransomware group that began operations in June this year. 20% of the companies published on its leak sites are related to the healthcare industry.

When asked by BleepingComputer why the group allows them to attack hospitals, the Vice Society responded as follows:

“Why not?

They always keep our confidential data clear. You, me and everyone else go to hospitals, give them our passports, talk about health problems, etc., and they don’t even try to protect our data. They receive millions from the state. Are they stealing this money?

The US President has given large sums of money to protect government networks, and where is this protection? Where is our defense?

If the IT department doesn’t want to do their job, we’ll do ours, and we don’t care if it’s a hospital or a university. “

Continue Reading


The data of those wishing to take out a loan from Sovcombank got into the public domain



The announcement of the sale of the Sovcombank customer database appeared on the darknet on September 20.

The questionnaires contain the full name, phone number, passport data, type of loan, address, marital status, contacts of relatives, place of work, position and income. The database also includes the responses of citizens to a call from a bank specialist. The bank said that in 2020 they identified an employee of an external call center who illegally copied loan applications. He was found guilty of divulging bank secrets and was sentenced to two years probation. During the investigation, the ex-employee of Sovcombank published an advertisement for the sale of data in his telegram channel, according to the organization. After that, Sovcombank again turned to the police: the department of the Ministry of Internal Affairs in Dagestan opened a criminal case on disclosing bank secrets and illegal access to protected computer information, and then transferred it to the regional department of the FSB. The case has now been sent to court. Now the stolen base is publicly available. …

Continue Reading


Chinese authorities ordered to cleanse cartoons of “unhealthy” content



The Chinese authorities are confident that cartoons should support “truth, goodness and beauty.”

The Chinese television regulator demanded that producers not allow scenes of violence, vulgar and pornographic content to appear in cartoons. At the same time, the authorities will encourage “healthy” cartoons that carry “truth, goodness and beauty.”

The National Radio and Television Administration of China issued a notice to cartoon creators on September 24. The regulator recalled that mainly children and young people watch cartoons. Therefore, producers and artists should fill the paintings with content that carries “truth, goodness and beauty,” the agency said.

The regulator promised to encourage the creators of “healthy” cartoons, but did not specify how exactly.

In recent months, the Chinese authorities have introduced several measures aimed at the younger generation. At the end of July, the country banned streaming with the participation of children under the age of 16. A local regulator expressed concern over the display of “capitalist values” and “extravagant pleasures” in the videos of young Chinese people.

In August, the Chinese authorities also limited the time children and teenagers can spend playing online. Minors are only allowed to play between 8:00 pm and 9:00 pm on Friday, Saturday, Sunday and public holidays.

Continue Reading

Most Popular