"Threat Actors Abuse Penetration Testing Tool for Attacks"

According to security researchers at Palo Alto Networks' Unit 42, threat actors are evading detection by using malicious payloads built with Brute Ratel C4, a legitimate adversarial attack simulation tool. The researchers uploaded a malware sample to Google's VirusTotal service to see whether it would be identified: all 56 of VirusTotal's malware engines rated the sample as benign, even though it contained the Brute Ratel C4 payload.

The tool is less well known than Cobalt Strike, a popular penetration testing tool whose components have also been used for malicious purposes. Brute Ratel C4 is particularly dangerous because it was specifically designed to circumvent detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. It was created by Chetan Nayak, a former Mandiant and CrowdStrike security researcher. When used by Red Teams against Blue Teams, it simulates attacks and can be customized to act as a control center for penetration testing engagements. Nayak said that before developing the new version of Brute Ratel C4, he reverse-engineered several top-tier EDR and AV dynamic link libraries (DLLs). The tool has 480 users across 350 customers.

In response to the Unit 42 investigation, Nayak stated that he had taken action against the licenses that had been sold on the black market and used for malicious purposes. According to Unit 42, the malware was packaged in a manner consistent with the APT29 hacking group, which is said to be part of Russia's Foreign Intelligence Service (SVR).

This article continues to discuss threat actors' abuse of the Brute Ratel C4 adversarial attack simulation tool.

iTnews reports "Threat Actors Abuse Penetration Testing Tool for Attacks"