“Uncovering Covert Cyber Attacks: Israeli Entities Targeted with Public Frameworks”
Cybersecurity Researchers Uncover Attack Campaign Targeting Israeli Entities Using Public Frameworks
Cybersecurity researchers have recently uncovered a sophisticated attack campaign that targets various Israeli entities using publicly available frameworks like Donut and Sliver.
The campaign, which has been ongoing for several months, has been targeting a range of organizations including government agencies, financial institutions, and critical infrastructure providers.
The attackers behind the campaign have been using a combination of social engineering tactics and publicly available tools to gain access to their targets’ networks. Once inside, they have been deploying malware and other malicious payloads to steal sensitive data and disrupt operations.
One of the key tools used in the campaign is Donut, an open-source framework that allows attackers to create and execute shellcode payloads on Windows systems. The attackers have been using Donut to create custom payloads that can bypass security controls and evade detection by antivirus software.
Another tool used in the campaign is Sliver, a post-exploitation framework that provides attackers with a range of capabilities including command and control, lateral movement, and data transfer. Sliver has been used by the attackers to maintain persistence on compromised systems and move laterally within their targets’ networks.
The use of publicly available frameworks like Donut and Sliver in this campaign highlights the growing trend of attackers leveraging open-source tools to carry out their attacks. These tools are often designed for legitimate purposes, such as penetration testing or security research, but can be easily repurposed by attackers for malicious purposes.
The use of these tools also makes it more difficult for defenders to detect and respond to attacks, as they may not be flagged as malicious by traditional security solutions. This underscores the importance of organizations having robust security measures in place, including threat intelligence and advanced detection capabilities.
The discovery of this campaign also highlights the importance of collaboration between cybersecurity researchers and organizations. The researchers who uncovered the campaign were able to do so by analyzing data from multiple sources and sharing their findings with the affected organizations.
This kind of collaboration is essential in the fight against cyber threats, as it allows for a more comprehensive understanding of the tactics and techniques used by attackers. It also enables organizations to take proactive measures to protect themselves against similar attacks in the future.
In response to the discovery of this campaign, Israeli authorities have issued warnings to organizations across the country, urging them to be vigilant and take steps to secure their networks. This includes implementing multi-factor authentication, regularly updating software and systems, and conducting regular security audits.
