Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

Featured Resources

WHITEPAPERS

CASE STUDIES

VIEW ALL CYBERSECURITY RESOURCES →

Blog Articles

PENETRATION TESTING

APPLICATION SECURITY

Cybersecurity News

THE LATEST NEWS

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

2024-04-22

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16

Microsoft will limit Exchange Online bulk emails to fight spam

2024-04-16

Hacker claims Giant Tiger data breach, leaks 2.8M records online

2024-04-15

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

2024-04-12

GSMA releases Mobile Threat Intelligence Framework

2024-04-10

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

2024-04-09

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

2024-04-08

Home Depot confirms third-party data breach exposed employee info

2024-04-08

Hoya’s optics production and orders disrupted by cyberattack

2024-04-04

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

2024-04-04

New Chrome feature aims to stop hackers from using stolen cookies

2024-04-03

AT&T data leaked: 73 million customers affected

2024-04-02

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

2024-04-01

INC Ransom claims responsibility for attack on NHS Scotland

2024-03-28

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

2024-03-27

CISA urges software devs to weed out SQL injection vulnerabilities

2024-03-26

Exploit released for Fortinet RCE bug used in attacks, patch now

2024-03-21

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

2024-03-19

Nissan breach exposed data of 100,000 individuals

2024-03-18

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

2024-03-15

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

2024-03-14

Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

2024-03-14

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

Emotet now drops Cobalt Strike, fast forwards ransomware attacks

Botnet, Cobalt Strike, Emotet, Ransomware
December 7, 2021

In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.

Cobalt Strike is very popular among threat actors who use cracked versions as part of their network breaches and is commonly used in ransomware attacks.

Today, Emotet research group Cryptolaemus warned that Emotet is now skipping their primary malware payload of TrickBot or Qbot and directly installing Cobalt Strike beacons on infected devices.

“Emotet itself gathers a limited amount of information about an infected machine, but Cobalt Strike can be used to evaluate a broader network or domain, potentially looking for suitable victims for further infection such as ransomware.”

“While the Cobalt Strike sample was running, it attempted to contact the domain lartmana[.]com. Shortly afterward, Emotet uninstalled the Cobalt Strike executable.”

This is a significant change in tactics as after Emotet installed its primary payload of TrickBot or Qbot, victims typically had some time to detect the infection before Cobalt Strike was deployed.

Share this article on social media: