Cybereason, creators of the leading Cyber Defense Platform, today released new research from its Nocturnus team titled ‘Who’s Hacking the Hackers: No Honor Among Thieves’ which looks at a rapidly spreading campaign turning hacking tools and other installers into trojans. The threat actors are posting the maliciously modified files on various forums and websites to bait other hackers.
Cybereason’s investigation surfaced more than 1000 njRat samples compiled and built on almost a daily basis. This campaign gives threat actors complete access to the target machine, so they can use it for anything from conducting DDoS attacks to stealing sensitive data off the machine. Cybereason found the threat actors behind the campaign are using multiple servers, some of which appear to be hacked WordPress blogs and the infrastructure owned by the threat group.
‘Essentially, hackers are baiting other hackers by weaponizing tools on hacker forums and it is a wide scale effort that I will continue to follow in the months ahead. What’s interesting is that any crime actor targeting enterprises with the hacked trojans and tools is giving access to the hacker targeting other hackers,’ said Amit Serper, Vice President of Security Strategy, Principal Researcher, Nocturnus, Cybereason.
Additional Hacking the Hackers Research Highlights include:
Widespread Campaign: Cybereason found the hacking campaign that uses the njRat trojan to hijack the victim’s machine, giving the threat actors complete access that can be used for anything from conducting DDoS attacks to stealing sensitive data.
Using Vulnerable WordPress Websites: The threat actors are hacking vulnerable WordPress installations to host their malicious njRat payloads.
A “Malware Factory”: It seems as if the threat actors behind this campaign are building new iterations of their hacking tools on a daily basis.
About Cybereason
Cybereason, creators of the leading Cyber Defense Platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint prevention, detection and response and active monitoring. The solution delivers multi-layered endpoint prevention by leveraging signature and signatureless techniques to prevent known and unknown threats in conjunction with behavioral and deception techniques to prevent ransomware and fileless attacks. Cybereason is privately held and is headquartered in Boston, with offices in London, Sydney, Tel Aviv, Tokyo, Asia-Pacific and continental Europe.
Learn more: https://www.cybereason.com/
Media Contact:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
(929) 259-3261