Hackers target Windows security experts with fake exploits

News
By published

Instead of getting exploit PoC, they're getting something a lot more sinister

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Cybersecurity researchers, analyzing proof-of-concept (PoC) exploits published on GitHub, recently found themselves on the receiving end of a Cobalt Strike-powered cyberattack.

It’s common practice for researchers to publish a PoC of recently patched flaws on code repositories, such as GitHub. That way, they can test different solutions among themselves and force admins to apply the fixes as soon as possible.

When Microsoft patched two remote code execution vulnerabilities, tracked as CVE-2022-24500 and CVE-2022-26809, a few PoCs popped up on GitHub, one of them coming from an account named “rkxxz”. 

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Cobalt Strike

However, the PoC turned out to be bogus, and what it did instead was install Cobalt Strike beacons on the researchers’ endpoints. Cyble’s researchers told BleepingComputer that the fake PoC was in fact a .NET application that launches a PowerShell script, which in turn executes a gzip-compressed PowerShell script malshare, which injects the beacon into device memory.

Cobalt Strike itself is not malware, but rather a legitimate tool being used for penetration testing. Still, it’s one of cybercriminals’ favorite weapons, ideal for stealthy lateral movement throughout the target network.

In the meantime, the fake PoC was removed, and the account distributing it, banned. 

Read more

> Security researchers under attack from North Korea

> Hackers have turned their attention to the researchers hunting them down

> What SMBs are getting wrong about cyber security

In the world of cyber-warfare, every now and then, the hunter becomes the game. In late January this year, individuals working for Google’s Threat Analysis Group (TAG) discovered a cyberattack campaign coming out of North Korea that targeted other security researchers. The attack was broad in scope, utilizing blog posts, fake social media profiles, and email accounts to engage with the researchers.

Two months later, in March, the same group discovered another campaign out of North Korea, with the same goal. This time around, the attackers even set up a fake cybersecurity firm, called SecuriElite, through which they invited other researchers for collaborations. However, instead of actually collaborating, the group tried to infect the researchers’ endpoints with malware. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
North Korean flag with a hooded hacker
North Korean hackers are posing as software development recruiters to target freelancers
A pair of hands using a keyboard
Microsoft SharePoint hijacked to spread Havoc malware
Image depicting a hand on a scanner
New Lazarus Group campaign sees North Korean hackers spreading undetectable malware through GitHub and open source packages
A white padlock on a dark digital background.
GitHub is hiding malware disguised as games, legitimate software
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Compal Infinite Laptop

This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
See more latest
Most Popular
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD