Subj : Attackers abuse red teaming tool to deploy Brute Ratel To : All From : TechnologyDaily Date : Thu Sep 05 2024 15:15:05 Attackers abuse red teaming tool to deploy Brute Ratel Date: Thu, 05 Sep 2024 14:13:00 +0000 Description: Cisco Talos says different groups around the world are abusing the MacroPack framework do deploy malware. FULL STORY ====================================================================== Hackers are using the MacroPack framework to generate weaponized Microsoft Office documents. These documents, in turn, deploy different malware to their targets, including Blue Ratel, PhantomCore, and Havoc. This is according to a new report from cybersecurity researchers Cisco Talos. In a detailed analysis published earlier this week, the researchers said they spotted what appear to be multiple threat actor groups abusing MacroPack in their malicious campaigns. The MacroPack framework is a legitimate tool used to create and manipulate Microsoft Office documents with embedded macros, often used in cybersecurity contexts for penetration testing and red teaming. It allows users to automate the generation of documents that can execute payloads or scripts, which can be exploited by attackers to deliver malicious code. MacroPack Abuse As explained in the report, the researchers took multiple files uploaded to the VirusTotal database, and came to the conclusion that at least four different groups are abusing MacroPack. One is from China, Taiwan, and Pakistan, and it was active between May and July this year, distributing Brute Ratel and Havoc. The C2 servers for this campaign were located in Henan, China. One is in Pakistan, impersonating the Pakistan Air Force, and distributing Brute Ratel. One is in Russia, dropping PhantomCore, and the last one is in the US, and was deploying a previously unknown malware labeled mshta.exe. Brute Ratel is a sophisticated red-teaming and adversary simulation tool designed for offensive cybersecurity professionals. It helps simulate advanced persistent threat (APT) attacks by mimicking real-world tactics, techniques, and procedures (TTPs) used by cyber adversaries. The tool is used to test and improve the defenses of organizations by evaluating their security posture against complex attacks. As such, it is seen as an alternative to Cobalt Strike, another legitimate tool which was abused to the point that antivirus programs started flagging it. Via BleepingComputer More from TechRadar Pro BlackCat ransomware could be about to get a whole lot nastier Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/attackers-abuse-red-teaming-tool-to-deploy-brute -ratel --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .