Nighthawk red-teaming tool likely to be exploited in cyberattacks

More threat actors are expected to leverage the commercial red-teaming tool Nighthawk in cyberattacks, reports SecurityWeek. Proofpoint researchers discovered that Nighthawk, which is a commercially sold remote access trojan similar to Cobalt Strike and Brute Ratel, has been initially leveraged by a legitimate red team operation last month, and while there have been no threat actors proliferating leaked versions of the tool online, security professionals have been urged to monitor in-the-wild exploitation. "Nighthawk could see rapid adoption by threat actors wanting to diversify their methods and add a relatively unknown framework to their arsenal," said Proofpoint. Nighthawk vendor MDSec assured that the tool features layered controls aimed at preventing malicious exploitation but Proofpoint warned about the dangers of not assuming potential risks associated with Nighthawk. "Historic adoption of [legitimate hacking] tools by advanced adversaries, including those aligned with state interests and engaging in espionage, provides a template for possible future threat landscape developments," Proofpoint added.