A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities.
Enterprise security company Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2."
However, there are no indications that a leaked or cracked version of Nighthawk is being weaponized by threat actors in the wild, Proofpoint researcher Alexander Rausch said in a write-up.
Nighthawk, launched in December 2021 by a company called MDSec, is analogous to its counterparts Cobalt Strike, Sliver, and Brute Ratel, offering a red team toolset for adversary threat simulation. It is licensed for £7,500 (or $10,000) per user for a year.
"Nighthawk is the most advanced and evasive command-and-control framework available on the market," MDSec notes. "Nighthawk is a highly malleable implant designed to circumvent and evade the modern security controls often seen in mature, highly monitored environments."
According to the Sunnyvale-based company, the aforementioned emails contained booby-trapped URLs, which, when clicked, redirected the recipients to an ISO image file containing the Nighthawk loader.
The obfuscated loader comes with the encrypted Nighthawk payload, a C++-based DLL that makes use of an elaborate set of features to counter detection and fly under the radar.
Of particular note are mechanisms that can prevent endpoint detection solutions from being alerted about newly loaded DLLs in the current process, and that evade process memory scans by implementing a self-encryption mode.
With rogue actors already leveraging cracked versions of Cobalt Strike and others to further their post-exploitation activities, Nighthawk could likewise see similar adoption by groups looking to "diversify their methods and add a relatively unknown framework to their arsenal."
Indeed, the high detection rates associated with Cobalt Strike and Sliver have led Chinese criminal actors to devise alternative offensive frameworks like Manjusaka and Alchimist in recent months.
"Nighthawk is a mature and advanced commercial C2 framework for lawful red team operations that is specifically built for detection evasion, and it does this well," Rausch said.
"Historic adoption of tools like Brute Ratel by advanced adversaries, including those aligned with state interests and engaging in espionage, provides a template for possible future threat landscape developments."