Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020

Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.

Cobalt Strike and Metasploit were the offensive security tools most commonly used to host malware command-and-control (C2) servers in 2020, researchers report.


Researchers with Recorded Future's Insikt Group collected more than 10,000 unique C2 servers across at least 80 malware families last year. Cobalt Strike accounted for 1,441 of the C2 servers and Metasploit made up 1,122; combined, they made up 25% of the total C2 servers. Detections of unaltered Cobalt Strike deployments represented 13.5% of C2 servers identified. 


Offensive security tools, also known as penetration testing tools and red teaming tools, have become part of attackers' toolkits in recent years. Some of these tools mimic an attacker's activity, and attack groups noticed an opportunity to blend in with typical penetration tests.


Nearly all of the offensive security tools researchers detected in C2 infrastructure have been connected to APT or advanced financial actors. Cobalt Strike is a favorite among APT41 and Mustang Panda, both associated with China, as well as Ocean Lotus, believed to be a Vietnamese APT group, and cybercrime gang FIN7. Metasploit is popular among APT Group Evilnum and Turla, a stealthy APT group associated with Russia.


Greg Lesnewich, senior intelligence analyst at Recorded Future, says it's interesting to see Metasploit prove popular with both Turla, a sophisticated espionage group, and Evilnum, a ..
