SquidLoader Malware Campaign Targets Hong Kong Financial Sector
A new malware campaign targeting Hong Kong finance has been identified, featuring SquidLoader to deploy Cobalt Strike Beacon
Stay informed on Cobalt Strike-related threats. Get the latest news, analyses, and trends in information security with our focused coverage.
Search across headline titles and summaries.
Background for this topic.
Cobalt Strike is a commercial penetration testing tool designed to simulate advanced attacker behaviors, including command and control (C2) communication, lateral movement, and data exfiltration. Originally intended for red team exercises, it provides features such as customizable payloads, beacon implants, and post-exploitation modules that mimic real-world attack techniques.
Its dual-use nature means threat actors often repurpose Cobalt Strike for unauthorized intrusions, leveraging its stealthy C2 channels and modular capabilities to maintain persistence and evade detection. Security teams should monitor for Cobalt Strike indicators like unusual beacon traffic and employ endpoint detection strategies focused on its known payload behaviors to mitigate risks associated with its misuse.
Weekly headline count for the current query.
A new malware campaign targeting Hong Kong finance has been identified, featuring SquidLoader to deploy Cobalt Strike Beacon
Fortra claims the number of unauthorized Cobalt Strike licenses in the wild fell 80% over two years
Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence
Global law enforcers have share intelligence leading to the takedown of hundreds of IP addresses hosting Cobalt Strike
Kaspersky said the attackers deployed the payload to collect valuable system information
Cobalt Strike beacon loader migrates across criminal ecosystems
Sliver is gaining popularity due to its modular capabilities and cross-platform support
C2 framework could be the next Cobalt Strike, says Proofpoint
Certain components in Java Swing will interpret text as HTML content if it starts with
Cisco Talos discovered the malicious campaign in August 2022
The attackers modified the Blast Secure Gateway component of the application using PowerShell code