Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. While hackers abusing penetration testing tools is not a new development — Cobalt Strike and Metasploit’s Meterpreter have been used by threat groups for years — Brute Ratel is focused on detection evasion techniques, so it might pose a real challenge to defense teams.
“The emergence of a new penetration testing and adversary emulation capability is significant,” researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. “Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities.”