For HomeFor BusinessFor Partners
Industry News
1 min read

Security Researchers Hit with Cobalt Strike Via Fake Windows POC Exploits

Vlad CONSTANTINESCU

May 24, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Security Researchers Hit with Cobalt Strike Via Fake Windows POC Exploits

Cybercriminals used fake Windows Proof-of-Concept (PoC) exploits to infect security researchers with the Cobalt Strike backdoor. In this newly discovered series of attacks, the perpetrators leveraged recently patched Windows remote code execution flaws, as follows:

  • CVE-2022-24500– Windows SMB Remote Code Execution Vulnerability; to exploit this vulnerability, the victim would need to retrieve data as part of an OS API call from a malicious SMB server
  • CVE-2022-26809– Remote Procedure Call Runtime Remote Code Execution Vulnerability; to exploit this flaw, attackers would need to craft a special RPC call and send it to an RPC host. This would help the attacker achieve server-side remote code execution with RPC service permissions

Infosec community members often analyze Microsoft’s fixes for known vulnerabilities and release PoC exploits on relevant platforms, such as GitHub. Security researchers often rely on these PoC exploits to develop defense mechanisms and urge sysadmins to patch vulnerable systems.

A threat actor published two PoC exploits on GitHub last week for the vulnerabilities above (CVE-2022-24500 and CVE-2022-26809). The perpetrator published the fake PoC exploits in repositories for a user named ‘rkxxz,’ as Bleeping Computer reported. GitHub removed the account and has taken down the exploits.

The fake PoCs garnered significant traction, with users quickly spreading the word about them on social media platforms (Twitter, Reddit) and even threat actors mentioning them on hacking forums.

However, it didn’t take long for security researchers to figure out their malicious nature. As it turns out, the proof-of-concept exploits were used to drop Cobalt Strike beacons on vulnerable devices. Cybersecurity expert reports have shown that CVE-2022-24500 PoC was a .NET application mimicking an IP address exploit that would open a backdoor on compromised systems.

Although Cobalt Strike is a legitimate pentesting utility, threat actors often use it to breach vulnerable systems and use lateral movement techniques to spread further on the organization’s network.

tags

Industry News

Author

Vlad CONSTANTINESCU

Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

Right now Top posts

Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware
Threats The Safe Nomad

Torrents with Pirated TV Shows Used to Push Lumma Stealer Malware

November 14, 2024

4 min read
How Scammers Stole $20 Million by Hacking Emails of Real Estate Agents – Here’s Why Small Firms Must Take Cybersecurity Seriously
Industry News Very Small Business Scam

How Scammers Stole $20 Million by Hacking Emails of Real Estate Agents – Here’s Why Small Firms Must Take Cybersecurity Seriously

November 11, 2024

3 min read
Is Your Digital Footprint Placing You in Scammers’ Crosshairs?
Scam

Is Your Digital Footprint Placing You in Scammers’ Crosshairs?

October 17, 2024

4 min read
What Key Cyberthreats Do Small Businesses Face?
Tips and Tricks How to Very Small Business

What Key Cyberthreats Do Small Businesses Face?

September 06, 2024

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Feds Take Down Cybercrime Marketplace ‘PopeyeTools,’ Seizing Crypto Profits and Domains
Industry News

Feds Take Down Cybercrime Marketplace ‘PopeyeTools,’ Seizing Crypto Profits and Domains
Filip TRUȚĂ

November 22, 2024

3 min read
RansomHub Hits Mexican Government Website and Servers
Industry News

RansomHub Hits Mexican Government Website and Servers
Silviu STAHIE

November 21, 2024

1 min read
Five Men Linked to ‘Scattered Spider’ Crime Ring Face Long US Prison Sentences
Industry News

Five Men Linked to ‘Scattered Spider’ Crime Ring Face Long US Prison Sentences
Filip TRUȚĂ

November 21, 2024

2 min read

Bookmarks

loader