Instead of Cobalt Strike, Hackers Can Use Nighthawk

Written by Emma Davis

Experts from Proofpoint have released a report on Nighthawk, an advanced C2 framework that hackers can start using instead of Cobalt Strike.

After observing how the framework was used by a certain red team in September 2022, the researchers concluded that criminals might also like Nighthawk.

Let me remind you that we also wrote that Google Decided to Fight Hacked Versions of Cobalt Strike, and that Hackers Are Switching from Cobalt Strike to Brute Ratel C4.

Nighthawk is developed and marketed by the European company MDSec, which offers its customers tools and services for intruder behavior modeling and penetration testing.

“Nighthawk is essentially a commercially distributed Remote Access Trojan (RAT) similar to other frameworks such as Brute Ratel and Cobalt Strike. Like them, Nighthawk could quickly gain popularity among attackers looking to diversify their attacks and add a relatively unknown framework to their arsenal,” Proofpoint said in a report.

The experts write that in September they observed Nighthawk being used by the red team of an unknown company, but so far they have not found any signs of hacked or “leaked” versions of Nighthawk that could be used by attackers. However, the company encourages incident responders to start looking for signs of Nighthawk abuse by hackers.

“Proofpoint researchers expect Nighthawk to be used in attackers’ campaigns as the tool becomes more known or as attackers start looking for new, more effective tools,” the researchers say.

In response, MDSec representatives have already published their own statement, in which they explain that Proofpoint experts did not contact them before publication and, for some reason, are drawing attackers’ attention to Nighthawk by describing some of the tool’s functions (which became known through, among other things, reverse engineering).

“Proofpoint makes unsubstantiated and speculative predictions that the attackers can use Nighthawk in the future. This has resulted in a lot of questions on Twitter and via email asking what precautions we are taking when distributing Nighthawk,” writes MDSec.

The company emphasizes that they carefully check all buyers of Nighthawk licenses, sell their product only to certain countries (EU, Australia, Canada, Japan, New Zealand, Norway, Switzerland and the United States), and also do not distribute trial versions of Nighthawk, as this led to the abuse of other similar products in the past.

Overall, Cobalt Strike is still the most popular among hackers, and because of the high price, attackers use hacked or old versions of the program.
