The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week.
The intrusion, achieved using a phishing email containing a weaponized link pointing to a ZIP archive, further entailed the use of Cobalt Strike for lateral movement.
While these legitimate utilities are designed for penetration testing, the remote access they provide has made them an attractive tool for attackers looking to stealthily probe a compromised environment without attracting attention for extended periods of time.
This has been compounded by the fact that a cracked version of Brute Ratel C4 (BRc4 v1.2.2) began circulating last month across the cybercriminal underground, prompting its developer to update the licensing algorithm to make it harder to crack.