"Hackers Use Open-Source Merlin Post-Exploitation Toolkit in Attacks"

Ukraine warns of a wave of attacks using Merlin, an open-source post-exploitation and command-and-control (C2) framework, against state organizations. Merlin is a Go-based, cross-platform post-exploitation toolkit that is freely available via GitHub and offers comprehensive documentation for use in red team exercises by security professionals. It provides various features that enable red teamers and attackers to gain a foothold on a compromised network. However, as seen with Sliver, threat actors are now abusing Merlin to power their own attacks and spread laterally through compromised networks. CERT-UA reports detecting it in attacks that began with the arrival of a phishing email impersonating the agency and claiming to provide recipients with instructions on how to harden their Microsoft Office suite. This article continues to discuss hackers abusing Merlin in attacks on state organizations. 

Bleeping Computer reports "Hackers Use Open-Source Merlin Post-Exploitation Toolkit in Attacks"
