Hacker's Playbook Updated with Methods for BADCALL
US Cert Alerts
SafeBreach Labs has updated the Hacker's Playbook™ with simulations for new attacks described in US-CERT Malware Analysis Report (MAR) - 10135536-G, attributed to North Korean Hidden Cobra actors.
This malware, dubbed BADCALL, turns victim Windows machines into relay points for encrypted traffic (a technique often called “Fake TLS”). Once a machine is compromised, attackers can use encrypted sessions both to access it and to route malicious traffic through it, obscuring the true origin of that traffic.
SafeBreach recommends that all industries and businesses simulate this attack to identify whether or not they are protected against this campaign. As always, SafeBreach Labs will continue to monitor the situation and develop new simulations as necessary.
To assess security control effectiveness against techniques involved in this attack, the SafeBreach Breach and Attack Simulation Platform specifically tests the following endpoint and network security controls:
Playbook #1484 - Transfer of BADCALL
Playbook #1485 - Transfer of BADCALL
Playbook #1486 - Local installation of BADCALL
The SafeBreach Hacker's Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.