A new and legitimate penetration testing framework called Nighthawk is likely to attract threat actors' attention for its Cobalt Strike-like capabilities.
Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team, with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2."
However, there are no indications that a leaked or cracked version of Nighthawk is being weaponized by threat actors in the wild, Proofpoint researcher Alexander Rausch said in a write-up.
Nighthawk, launched in December 2021 by a company called MDSec, is analogous to its counterparts Cobalt Strike, Sliver, and Brute Ratel, offering a red team toolset for adversary threat simulation. It is licensed for £7,500 (or $10,000) per user for a year.
"Nighthawk is the most advanced and evasive command-and-control framework available on the market," MDSec notes. "Nighthawk is a highly malleable implant designed to circumvent and evade the modern security controls often seen in mature, highly monitored environments."
According to the Sunnyvale-based company, the aforementioned email messages contained booby-trapped URLs which, when clicked, redirected the recipients to an ISO image file containing the Nighthawk loader.
The obfuscated loader comes with the encrypted Nighthawk payload, a C++-based DLL that uses an elaborate set of features to counter detection and fly under the radar.
Of particular note are mechanisms that can prevent endpoint detection solutions from being alerted about newly loaded DLLs in the current process, and that evade process memory scans by implementing a self-encryption mode.
When reached for comment, MDSec told The Hacker News that it is not aware of any instance of Nighthawk being used for illegitimate activity and that the licenses are distributed only to a handful of carefully vetted customers.
With rogue actors already leveraging cracked versions of Cobalt Strike and others to further their post-exploitation activities, Nighthawk could likewise see similar adoption by groups looking to "diversify their methods and add a relatively unknown framework to their arsenal."
Indeed, the high detection rates associated with Cobalt Strike and Sliver have led Chinese criminal actors to devise alternative offensive frameworks like Manjusaka and Alchimist in recent months.
"Nighthawk is a mature and advanced commercial C2 framework for lawful red team operations that is specifically built for detection evasion, and it does this well," Rausch said.
"Historic adoption of tools like Brute Ratel by advanced adversaries, including those aligned with state interests and engaging in espionage, provides a template for possible future threat landscape developments."