Hackers Abusing BRc4

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection.

Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new, sophisticated toolkit “designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities.”

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection

Authored by an Indian security researcher named Chetan Nayak, Brute Ratel (BRc4) is analogous to Cobalt Strike and is described as a “customized command-and-control center for the red team and adversary simulation.”

The commercial software was first released in late 2020 and has since gained over 480 licenses across 350 customers. Each license is offered at $2,500 per user for a year, after which it can be renewed for the same duration at a cost of $2,250.


BRc4 offers a wide range of features, including process injection, automation of adversary TTPs (tactics, techniques and procedures), screenshot capture, file upload and download, support for multiple command-and-control channels, and the ability to keep in-memory artifacts concealed from anti-malware engines.

The artifact, uploaded from Sri Lanka, masquerades as the curriculum vitae of an individual named Roshan Bandara (“Roshan_CV.iso”). It is in fact an optical disc image that, when double-clicked, is mounted as a Windows drive containing a seemingly harmless Word document; launching that document installs BRc4 on the user’s machine and establishes communications with a remote server.


Packaged ISO files of this kind are typically delivered via spear-phishing email campaigns, although it’s not clear whether the same method was used to deliver this payload to the target environment. ISO containers make attractive lures because Windows 8 and later mount them with a double-click, and at the time of the report files inside a mounted image did not inherit the Mark of the Web, so the SmartScreen and Office Protected View warnings that an emailed attachment would normally trigger never appeared.
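One check a responder would want before anyone double-clicks a lure like the one described in the two paragraphs above is a look inside the image without mounting it. The script below is an added example, not code from the article, from Unit 42 or from Brute Ratel: it parses the ISO 9660 directory tree directly from the image bytes and flags entries carrying the ISO “hidden” flag (directory-record flag bit 0, which keeps an entry out of the default listing) or an executable extension. It assumes the attacker places executable components next to a visible decoy, a common pattern the article itself does not detail. The `build_iso()` helper only manufactures constructed offline input; the image it builds is not Roshan_CV.iso, and the file names inside it are hypothetical.

```python
"""Offline triage of an ISO 9660 lure without mounting it.

Added example, not code from the article, Unit 42 or Brute Ratel: it walks the
ISO 9660 directory tree straight from the image bytes and reports entries a
user would not see after double-clicking (the ISO 'hidden' flag) or that are
executable. build_iso() only provides constructed offline input; the image it
builds is NOT Roshan_CV.iso and the file names in it are hypothetical.
"""
import struct

SECTOR = 2048
FLAG_HIDDEN, FLAG_DIR = 0x01, 0x02   # ISO 9660 directory-record file flags (ECMA-119 9.1.6)
SUSPECT_EXT = {"exe", "dll", "lnk", "scr", "hta", "js", "vbs", "bat", "cmd", "ps1"}


def _both(n, fmt="I"):
    """ISO 9660 'both-endian' field: little-endian copy followed by big-endian copy."""
    return struct.pack("<" + fmt, n) + struct.pack(">" + fmt, n)


def _dir_record(name, lba, size, flags):
    """One directory record (ECMA-119 9.1): length, extent, size, flags, identifier."""
    ident = name.encode("ascii")
    rec = bytearray(33 + len(ident) + (len(ident) + 1) % 2)   # padded to an even length
    rec[0] = len(rec)
    rec[2:10] = _both(lba)
    rec[10:18] = _both(size)
    rec[25] = flags
    rec[28:32] = _both(1, "H")                                # volume sequence number
    rec[32] = len(ident)
    rec[33:33 + len(ident)] = ident
    return bytes(rec)


def build_iso(files):
    """Constructed single-directory image; files maps name -> (content, flags).
    Deliberately minimal (no path tables), just enough for walk_iso() to read."""
    root_lba, data_lba = 18, 19
    root, payload = bytearray(), bytearray()
    root += _dir_record("\x00", root_lba, SECTOR, FLAG_DIR)   # "."
    root += _dir_record("\x01", root_lba, SECTOR, FLAG_DIR)   # ".."
    for name, (content, flags) in files.items():
        root += _dir_record(name + ";1", data_lba + len(payload) // SECTOR, len(content), flags)
        payload += content.ljust(-(-len(content) // SECTOR) * SECTOR, b"\0")  # sector-align
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"                                # type 1, magic, version
    pvd[40:72] = b"CONSTRUCTED".ljust(32)                       # volume identifier
    pvd[80:88] = _both(data_lba + len(payload) // SECTOR)       # volume size in sectors
    pvd[120:124] = _both(1, "H")                                # volume set size
    pvd[124:128] = _both(1, "H")                                # volume sequence number
    pvd[128:132] = _both(SECTOR, "H")                           # logical block size
    pvd[156:190] = _dir_record("\x00", root_lba, SECTOR, FLAG_DIR)   # root directory record
    terminator = b"\xffCD001\x01".ljust(SECTOR, b"\0")
    return bytes(16 * SECTOR) + bytes(pvd) + terminator + bytes(root.ljust(SECTOR, b"\0")) + bytes(payload)


def walk_iso(image, lba=None, size=None, prefix=""):
    """Yield (path, size, flags) for every entry under the primary volume's root."""
    if lba is None:                                             # start at the PVD in sector 16
        pvd = image[16 * SECTOR:17 * SECTOR]
        if pvd[0:6] != b"\x01CD001":
            raise ValueError("no primary volume descriptor: not an ISO 9660 image")
        lba = struct.unpack_from("<I", pvd, 156 + 2)[0]
        size = struct.unpack_from("<I", pvd, 156 + 10)[0]
    data = image[lba * SECTOR:lba * SECTOR + size]
    off = 0
    while off < len(data):
        reclen = data[off]
        if reclen == 0:                  # records never straddle a sector: skip the padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = data[off:off + reclen]
        off += reclen
        ident = rec[33:33 + rec[32]]
        if ident in (b"\x00", b"\x01"):  # "." and ".."
            continue
        name = ident.decode("ascii", "replace").split(";")[0]   # drop the ";1" version suffix
        flags, path = rec[25], prefix + "/" + name
        ext_lba, ext_size = struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0]
        yield path, ext_size, flags
        if flags & FLAG_DIR:
            yield from walk_iso(image, ext_lba, ext_size, path)


def triage(image):
    """Return [(path, size, reason)] for entries worth a look before anyone mounts the image."""
    findings = []
    for path, size, flags in walk_iso(image):
        base = path.rsplit("/", 1)[-1]
        ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
        reasons = (["hidden"] if flags & FLAG_HIDDEN else []) + (["executable"] if ext in SUSPECT_EXT else [])
        if reasons:
            findings.append((path, size, "+".join(reasons)))
    return findings


# Constructed sample: a visible decoy document beside hidden executables; names are hypothetical.
DECOY = b"PK\x03\x04 constructed decoy, not a real document"
STUB = b"MZ constructed stand-in, not a real binary"
SAMPLE = build_iso({"CV.DOCX": (DECOY, 0), "UPDATER.EXE": (STUB, FLAG_HIDDEN), "UPDATER.DLL": (STUB, FLAG_HIDDEN)})

if __name__ == "__main__":
    for path, size, reason in triage(SAMPLE):
        print(f"{reason:<20} {size:>6}  {path}")
```

On a real image, read the file into `image` and call `triage(image)`; the decoy document is the only entry a user sees in Explorer, while every hidden or executable entry is listed with its reason. The walker reads only the primary volume descriptor, so files show their 8.3 ISO identifiers rather than any Joliet long names, which is enough for triage but not for reproducing the exact name the victim would have clicked.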

“The composition of the ISO file, Roshan_CV.ISO, closely resembles that of other nation-state APT tradecraft,” Unit 42 researchers Mike Harbison and Peter Renals said, calling out similarities to a packaged ISO file previously attributed to the Russian nation-state actor APT29 (aka Cozy Bear, The Dukes, or Iron Hemlock).


APT29 rose to notoriety last year after the state-sponsored group was blamed for orchestrating the large-scale SolarWinds supply chain attack.

The cybersecurity firm noted that it also spotted a second sample, uploaded to VirusTotal from Ukraine a day later, which exhibited code overlaps with a module responsible for loading BRc4 in memory. The investigation has since unearthed seven more BRc4 samples dating back to February 2021.

By examining the C2 server used as a covert channel, the researchers also identified several potential victims, including an Argentinian organization, an IP television provider serving North and South American content, and a major textile manufacturer in Mexico.


“The emergence of a new penetration testing and adversary emulation capability is significant,” the researchers said. “Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities.”

Shortly after the findings became public, Nayak tweeted that “proper actions have been taken against the found licenses which were sold in the black market,” adding that BRc4 v1.1 “will change every aspect of IoC found in the previous releases.”
