{"id":473630,"date":"2022-11-21T07:02:43","date_gmt":"2022-11-21T09:02:43","guid":{"rendered":"https:\/\/teknomers.com\/fr\/google-identifie-34-versions-fissurees-de-la-boite-a-outils-de-piratage-populaire-cobalt-strike-dans-la-nature\/"},"modified":"2022-11-21T07:02:44","modified_gmt":"2022-11-21T09:02:44","slug":"google-identifie-34-versions-fissurees-de-la-boite-a-outils-de-piratage-populaire-cobalt-strike-dans-la-nature","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/google-identifie-34-versions-fissurees-de-la-boite-a-outils-de-piratage-populaire-cobalt-strike-dans-la-nature\/","title":{"rendered":"Google identifie 34 versions fissur\u00e9es de la bo\u00eete \u00e0 outils de piratage populaire Cobalt Strike dans la nature"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Google Cloud a r\u00e9v\u00e9l\u00e9 la semaine derni\u00e8re avoir identifi\u00e9 34 versions pirat\u00e9es diff\u00e9rentes de l&#8217;outil Cobalt Strike dans la nature, dont la plus ancienne <a rel=\"nofollow noopener\" href=\"https:\/\/download.cobaltstrike.com\/releasenotes.txt\" target=\"_blank\">Exp\u00e9di\u00e9<\/a> en novembre 2012.<\/p>\n<p>Les versions, allant de 1.44 \u00e0 4.7, totalisent 275 fichiers JAR uniques, selon les conclusions de l&#8217;\u00e9quipe Google Cloud Threat Intelligence (GCTI).  La derni\u00e8re version de Cobalt Strike est la version 4.7.2.<\/p>\n<p>Cobalt Strike, d\u00e9velopp\u00e9 par <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortra.com\/resources\/press-releases\/helpsystems-now-fortra\" target=\"_blank\">Fortra<\/a> (n\u00e9e HelpSystems), est un cadre de confrontation populaire utilis\u00e9 par les \u00e9quipes rouges pour simuler des sc\u00e9narios d&#8217;attaque et tester la r\u00e9silience de leurs cyberd\u00e9fense.<\/p>\n<p>Il comprend un serveur d&#8217;\u00e9quipe qui agit comme le centre de commande et de contr\u00f4le (C2) pour r\u00e9quisitionner \u00e0 distance les appareils infect\u00e9s et un interm\u00e9diaire con\u00e7u pour fournir une charge utile de la prochaine \u00e9tape appel\u00e9e Beacon, un implant complet qui rend compte au C2 serveur.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"281\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/Google-identifie-34-versions-fissurees-de-la-boite-a-outils.png\"\/><\/div>\n<p>Compte tenu de sa large gamme de fonctionnalit\u00e9s, les versions non autoris\u00e9es du logiciel ont \u00e9t\u00e9 de plus en plus militaris\u00e9es par de nombreux acteurs de la menace pour faire avancer leurs activit\u00e9s de post-exploitation.<\/p>\n<p>&#8220;Alors que l&#8217;intention de Cobalt Strike est d&#8217;\u00e9muler une v\u00e9ritable cybermenace, les acteurs malveillants se sont accroch\u00e9s \u00e0 ses capacit\u00e9s et l&#8217;utilisent comme un outil robuste pour le mouvement lat\u00e9ral dans le r\u00e9seau de leur victime dans le cadre de leur charge utile d&#8217;attaque de deuxi\u00e8me \u00e9tape&#8221;, Greg Sinclair, r\u00e9tro-ing\u00e9nieur de la filiale Chronicle de Google, <a rel=\"nofollow noopener\" href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/making-cobalt-strike-harder-for-threat-actors-to-abuse\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>Dans le but de lutter contre cet abus, GCTI a publi\u00e9 un ensemble de <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/chronicle\/GCTI\/tree\/main\/YARA\/CobaltStrike\" target=\"_blank\">R\u00e8gles YARA open source<\/a> pour signaler diff\u00e9rentes variantes du logiciel utilis\u00e9 par des groupes de piratage malveillants.<\/p>\n<p>L&#8217;id\u00e9e est &#8220;d&#8217;exciser les mauvaises versions tout en laissant intactes les versions l\u00e9gitimes&#8221;, a d\u00e9clar\u00e9 Sinclair, ajoutant que &#8220;notre intention est de ramener l&#8217;outil dans le domaine des \u00e9quipes rouges l\u00e9gitimes et de rendre plus difficile l&#8217;abus des m\u00e9chants&#8221;.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/11\/google-identifies-34-cracked-versions.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Cloud a r\u00e9v\u00e9l\u00e9 la semaine derni\u00e8re avoir identifi\u00e9 34 versions pirat\u00e9es diff\u00e9rentes de l&#8217;outil Cobalt Strike dans la nature, dont la plus ancienne Exp\u00e9di\u00e9 en novembre 2012. Les versions, allant de 1.44 \u00e0 4.7, totalisent 275 fichiers JAR uniques, selon les conclusions de l&#8217;\u00e9quipe Google Cloud Threat Intelligence (GCTI). La derni\u00e8re version de Cobalt [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":473631,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[5905,5056,4168,4158,4165,4161,429,126198,7755,17673,4157,4159,4171,4170,4167,4160,5853,4163,4162,24879,5666,440,4172,4169,8544,11408,4166,4164],"class_list":["post-473630","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-boite","tag-cobalt","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-fissurees","tag-google","tag-identifie","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nature","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-outils","tag-piratage","tag-populaire","tag-securite-informatique","tag-securite-internet","tag-strike","tag-versions","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/473630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=473630"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/473630\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/473631"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=473630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=473630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=473630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}