Organizations across Russia have been targeted with the novel GoRed backdoor in new attacks by the ExCobalt cybercrime group, which had compromised the country's information technology, telecommunications, and government sectors, among others, during the past 12 months, according to The Hacker News.
After obtaining initial network access through a supply chain attack or breached contractors, ExCobalt proceeded to leverage Mimikatz, Spark RAT, SMBExec, Metasploit, and ProcDump, as well as several Linux privilege escalation vulnerabilities to facilitate the deployment of the Golang-based GoRed malware without being detected by anti-malware systems, a report from Positive Technologies revealed. Aside from enabling command execution and credential theft, GoRed also allows process, network interface, and file system data exfiltration, command-and-control communications, and reverse shell activation, reported researchers. "ExCobalt continues to demonstrate a high level of activity and determination in attacking Russian companies, constantly adding new tools to its arsenal and improving its techniques," said researchers.
