Fake Windows exploits target infosec community with Cobalt Strike
Credit: Bleeping Computer
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.
Whoever is behind these attacks took advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809.
When Microsoft patches a vulnerability, it is common for security researchers to analyze the fix and release proof-of-concept exploits for the flaw on GitHub. These proof-of-concept exploits are used by security researchers to test their own defenses and to push admins to apply security updates. However, threat actors commonly use these exploits to conduct attacks or spread laterally within a network.