South Korean Organizations Targeted by Cobalt Strike 'Cat' Delivered by a Rust Beacon
Essential information
- Published: 18/03/2025 20:59
- Modified: 19/03/2025 09:34
- Tags: 2025-03-18, cobalt strike cat, marte, marte shellcode, mingw, open directory, reconnaissance, rust beacon, south korea, sql injection
- Related entities: 9 observables, 11 techniques (MITRE), 2 malware, 1 other
Description
An exposed web server (open directory) containing tools for an intrusion campaign targeting South Korean organizations was identified. The server hosted a Rust-compiled Windows executable delivering Cobalt Strike Cat, a modified version of Cobalt Strike, alongside SQLMap, Web-SurvivalScan, and dirsearch. The threat actor used these tools to identify and exploit vulnerable web applications belonging to government and commercial entities. The Rust-compiled loader and the modified Cobalt Strike build provide insight into the actor's malware delivery and post-exploitation techniques. Analysis revealed reconnaissance tooling, SQL injection exploitation, and malware delivery components, with server logs confirming beacon activity from compromised hosts. The attackers used both MinGW- and Rust-compiled loaders to deploy Cobalt Strike Cat and Marte shellcode.
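As an added defensive illustration (not code from the report or from the actor's toolkit), the following Python scores web-server access-log clients for traces of the two web-reconnaissance tools named above: sqlmap's default User-Agent and injection-shaped query strings, plus a burst of 404 responses as a proxy for dirsearch-style directory brute forcing. The log lines, client addresses and the 404 threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in Combined Log Format; illustrative only, not taken
# from the exposed server described in the report.
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [18/Mar/2025:10:01:02 +0900] "GET /item.php?id=1%27%20AND%201%3D1-- HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
     '203.0.113.7 - - [18/Mar/2025:10:01:03 +0900] "GET /item.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"']
    + [f'198.51.100.4 - - [18/Mar/2025:10:02:{i:02d} +0900] "GET /{p} HTTP/1.1" 404 0 "-" "Mozilla/5.0"'
       for i, p in enumerate(["admin/", "backup.zip", ".git/HEAD", "phpmyadmin/", "config.php", "test/"])]
    + ['192.0.2.9 - - [18/Mar/2025:10:03:00 +0900] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"']
)

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Payload shapes typical of automated SQL injection probing, checked after URL-decoding.
SQLI_RE = re.compile(r"(?i)('\s*(and|or)\b|\bunion\s+select\b|\bsleep\s*\(|\bbenchmark\s*\(|\b(and|or)\s+\d+\s*=\s*\d+)")

def parse_line(line):
    """Parse one Combined Log Format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def analyze(log_text, not_found_threshold=5):
    """Return {client_ip: set(reasons)} for clients showing scanner or injection behaviour."""
    not_found = defaultdict(int)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        ip = rec["ip"]
        # sqlmap's default User-Agent begins with "sqlmap/" unless the operator overrides it.
        if rec["ua"].lower().startswith("sqlmap/"):
            findings[ip].add("sqlmap_user_agent")
        if SQLI_RE.search(unquote(rec["url"])):
            findings[ip].add("sqli_payload")
        if rec["status"] == "404":
            not_found[ip] += 1
    # A burst of 404s from one client is the usual footprint of directory brute-forcing
    # tools such as dirsearch, which do not announce themselves in the User-Agent.
    for ip, n in not_found.items():
        if n >= not_found_threshold:  # threshold is an assumed tuning value
            findings[ip].add("dir_bruteforce_404_burst")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(ip, sorted(reasons))
```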