South Korean Organizations Targeted by Cobalt Strike 'Cat' Delivered by a Rust Beacon

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

An exposed web server containing tools for an intrusion campaign targeting South Korean organizations was identified. The server hosted a Rust-compiled Windows executable delivering Cobalt Strike Cat, along with SQLMap, Web-SurvivalScan, and dirsearch. The threat actor used these tools to identify and exploit vulnerable web applications, targeting government and commercial entities. The campaign utilized a Rust-compiled loader with a modified version of Cobalt Strike, providing insight into the actor's malware delivery and post-exploitation techniques. Analysis revealed reconnaissance tools, SQL injection exploitation, and malware delivery components, with logs confirming beacon activity from compromised hosts. The attackers used MinGW- and Rust-compiled loaders to deploy Cobalt Strike Cat and Marte shellcode.

OPENCTI LABELS :

sql injection, south korea, reconnaissance, marte, rust beacon, cobalt strike cat, mingw, open directory, marte shellcode


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


South Korean Organizations Targeted by Cobalt Strike 'Cat' Delivered by a Rust Beacon