Palo Alto Networks Unit 42 researchers have discovered several systems impacted by Splinter, a new post-exploitation red team tool that could pose a cybersecurity threat despite lacking the sophistication of Cobalt Strike, reports The Hacker News.
Besides executing Windows commands and loading modules via remote process injection, Splinter, whose artifacts are "exceptionally large" because of the many Rust crates it bundles, can also upload and download files, collect cloud service account data, and delete itself, according to the Unit 42 report. "The increasing variety underscores the importance of staying up to date on prevention and detection capabilities, since criminals are likely to adopt any techniques that are effective for compromising organizations," said Unit 42 researcher Dominik Reichel. The analysis follows a Deep Instinct study detailing how Microsoft Office's Remote Procedure Call interface could be exploited for undetected code injection and how a malicious shim could enable privilege escalation.