Attacks with new GoRed backdoor aimed at Russia

After obtaining initial network access through a supply chain attack or breached contractors, ExCobalt proceeded to leverage Mimikatz, Spark RAT, SMBExec, Metasploit, and ProcDump, as well as several Linux privilege escalation vulnerabilities to facilitate the deployment of the Golang-based GoRed malware without being detected by anti-malware systems, a report from Positive Technologies revealed. Aside from enabling command execution and credential theft, GoRed also allows process, network interface, and file system data exfiltration, command-and-control communications, and reverse shell activation, reported researchers.

Source: SC Magazine

Date:

24 June 2024

Categorie(s):

NEWS

Tag(s):

Attacks, IT, Network Security, News, Russia

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. – SWN #48720 June 2025
Jira tickets become attack vectors in PoC ‘living off AI’ attack20 June 2025
Anubis Ransomware Lists Disneyland Paris as New Victim20 June 2025
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware20 June 2025
Netflix, Apple, BofA websites hijacked with fake help-desk numbers20 June 2025