Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Cybersecurity Threats Emerge: The Rise of Rust-Based Splinter Post-Exploitation Tool




A new post-exploitation red team tool called Splinter has emerged in the wild, prompting cybersecurity researchers to raise an alarm about its potential threat. The Splinter tool is built using the Rust programming language and boasts a range of features commonly found in penetration testing tools, making it an attractive asset for threat actors seeking to compromise organizations. While there is no information available on who created the tool, its impact could be significant if misused.




  • The Splinter tool, a post-exploitation red team tool, has been discovered in the wild by Palo Alto Networks Unit 42.
  • The tool is built using Rust and boasts features commonly found in penetration testing tools, but poses a potential threat if it falls into the wrong hands.
  • Unit 42 discovered the tool on several customers' systems with no detected threat actor activity; who developed it remains unknown.
  • The Splinter tool is highly customizable, with tasks obtained from a command-and-control server defined by the attacker.
  • The tool can execute Windows commands, run modules via remote process injection, and delete itself from the system.
  • Experts emphasize the need for regular security updates to prevent exploitation of emerging threats like Splinter.



    Cybersecurity researchers have sounded an alarm about a new post-exploitation red team tool called Splinter, which has been discovered in the wild. The discovery was made by Palo Alto Networks Unit 42, the company's threat intelligence and research unit.


    The Splinter tool is built using the Rust programming language and boasts a range of features commonly found in penetration testing tools. However, this also presents a potential threat to organizations if it falls into the wrong hands. Penetration testing tools are often used for red team operations to flag potential security issues in a company's network. However, such adversary simulation tools can also be weaponized by threat actors to their advantage.


    Unit 42 discovered the Splinter tool on several customers' systems and has not detected any threat actor activity associated with it. The tool's origin remains a mystery, as there is no information available on who created it.


    According to Unit 42's Dominik Reichel, "Splinter implants are controlled by a task-based model, which is common among post-exploitation frameworks." This means that the Splinter tool obtains its tasks from a command-and-control (C2) server defined by the attacker.


    The artifacts unearthed by Unit 42 are exceptionally large, coming in at around 7 MB. Most of this size comes from the 61 Rust crates compiled into them. This indicates that the Splinter tool is highly customizable and can be tailored to suit various hacking objectives.
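    A defender-side triage heuristic suggested by the size and crate count reported above, added here as an example and not part of the original article or of Unit 42's tooling: it inventories the Cargo registry source paths that Rust toolchains commonly leave behind in compiled binaries and flags unusually large, crate-heavy samples for closer analysis. The path pattern, the thresholds and the sample bytes are assumptions; a stripped or vendored build will not carry such paths.

```python
import re
from collections import Counter

# Rust binaries often embed source paths from the Cargo registry in panic and
# debug strings, e.g. ...\.cargo\registry\src\<registry-dir>\tokio-1.38.0\src\...
# The pattern below is an assumption about that layout, not a documented format.
CRATE_PATH_RE = re.compile(
    rb"[\\/]\.cargo[\\/]registry[\\/]src[\\/][^\\/]+[\\/]"
    rb"([A-Za-z0-9_\-]+?)-(\d+\.\d+\.\d+[^\\/]*)[\\/]"
)

def crate_inventory(blob: bytes) -> dict:
    """Map each distinct crate name found in the blob to the first version seen."""
    found = {}
    for name, version in CRATE_PATH_RE.findall(blob):
        found.setdefault(name.decode(), version.decode())
    return found

def crate_reference_counts(blob: bytes) -> Counter:
    """How many path strings reference each crate (a rough weight of its use)."""
    return Counter(name.decode() for name, _ in CRATE_PATH_RE.findall(blob))

def triage(blob: bytes, size_threshold_mb: float = 5.0, crate_threshold: int = 40) -> dict:
    """Flag a sample that is both large and built from many crates.
    Thresholds are assumed starting points chosen below the ~7 MB / 61 crates
    reported for Splinter; tune them against your own known-good Rust binaries."""
    crates = crate_inventory(blob)
    size_mb = len(blob) / (1024 * 1024)
    return {
        "size_mb": round(size_mb, 2),
        "crate_count": len(crates),
        "crates": crates,
        "large_rust_binary": size_mb >= size_threshold_mb and len(crates) >= crate_threshold,
    }

# Constructed sample: a few fake registry paths embedded in padding, standing in
# for the strings section of a real binary. Registry dir and versions are made up.
REG = b"index.crates.io-0123456789abcdef"
SAMPLE_BLOB = (
    b"\x00" * 64
    + b"C:\\Users\\build\\.cargo\\registry\\src\\" + REG + b"\\tokio-1.38.0\\src\\runtime\\mod.rs\x00"
    + b"/home/build/.cargo/registry/src/" + REG + b"/windows-sys-0.52.0/src/lib.rs\x00"
    + b"C:\\Users\\build\\.cargo\\registry\\src\\" + REG + b"\\tokio-1.38.0\\src\\net\\tcp.rs\x00"
    + b"C:\\Users\\build\\.cargo\\registry\\src\\" + REG + b"\\serde_json-1.0.117\\src\\de.rs\x00"
    + b"\x00" * 64
)

if __name__ == "__main__":
    with open(__import__("sys").argv[1], "rb") as fh:  # usage: python triage.py <file>
        print(triage(fh.read()))
```

    Run it over a suspect PE or ELF to get a crate inventory alongside the size check; the crate list itself is often the more useful pivot, since the networking, crypto and process-manipulation crates present hint at what the implant can do.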



    Some functions of the tool include executing Windows commands, running modules via remote process injection, uploading and downloading files, collecting cloud service account information, and deleting itself from the system.


    Dominik Reichel noted that "The increasing variety underscores the importance of staying up to date on prevention and detection capabilities, since criminals are likely to adopt any techniques that are effective for compromising organizations." This emphasis highlights the need for regular security updates, as threat actors continually seek new ways to exploit vulnerabilities in systems.



    The discovery of Splinter comes at a time when other post-exploitation frameworks like Cobalt Strike have been widely used by cybercriminals. According to experts, it is essential to stay informed about emerging threats and continuously update security measures to prevent exploitation.


    Separately, Deep Instinct researchers Ron Ben-Yizhak and David Shandalov disclosed another attack method. They explained that they applied a malicious shim to a process without registering an SDB file on the system, and bypassed EDR detection by writing to a child process and loading the target DLL from the suspended child process before any EDR hook could be established.


    As the threat landscape continues to evolve, it is crucial for organizations to remain vigilant and take proactive steps to protect themselves against emerging threats like Splinter.






    Related Information:

  • https://thehackernews.com/2024/09/cybersecurity-researchers-warn-of-new.html

  • https://cybersecuritynews.com/splinter-post-exploitation-red-team-tool/



  • Published: Thu Sep 26 04:42:40 2024 by llama3.2 3B Q4_K_M















    © Ethical Hacking News . All rights reserved.
