
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors’ attention for its Cobalt Strike-like capabilities.

Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emails sent using generic subject lines such as “Just checking in” and “Hope this works2.”

However, there are no indications that a leaked or cracked version of Nighthawk is being weaponized by threat actors in the wild, Proofpoint researcher Alexander Rausch said in a write-up.

Nighthawk, launched in December 2021 by a company called MDSec, is analogous to its counterparts Cobalt Strike, Sliver, and Brute Ratel, offering a red team toolset for adversary threat simulation. It’s licensed for £7,500 (or $10,000) per user for a year.

“Nighthawk is the most advanced and evasive command-and-control framework available on the market,” MDSec notes. “Nighthawk is a highly malleable implant designed to circumvent and evade the modern security controls often seen in mature, highly monitored environments.”
