An unknown tool threatens corporate networks.
Palo Alto Networks has discovered a new post-exploitation tool called Splinter, which was found on customer systems using Advanced WildFire memory scanning tools. Tools like Splinter are often used to check the network security of companies, but if they fall into the hands of attackers, they can pose a serious threat. This underscores the importance of continuous monitoring and detection of such threats.
Splinter is a tool developed using the Rust programming language. While Rust is commonly used to create memory-safe programs, the high code density makes it difficult to analyze. The Splinter samples found reached 7 MB due to the use of a large number of external libraries. Splinter uses JSON configuration files that contain data about the target system and the C&C server to which the tool connects to perform various tasks, such as remote command execution, file transfer, and data collection.
The tool has been found on several client systems, but there is no evidence of its use by attackers yet. Splinter offers a standard set of features for such tools, such as command execution and process injection. While it's not as advanced as more well-known tools like Cobalt Strike, its capabilities pose a threat to organizations if misused.
Palo Alto Networks has improved its customers' protection against this threat with Advanced WildFire, Cortex XDR, and XSIAM updates that help detect and block known samples and monitor post-operational activity.
This discovery highlights the growing number of attack tools, which makes it more difficult to protect corporate networks. Organizations are encouraged to keep their security systems up to date and regularly update their threat detection practices.
Source