The National Cybersecurity & Communications Integration Center (NCCIC) issued an Activity Alert highlighting five publicly available hacking tools which were used in multiple cyber incidents around the globe.
Moreover, the alert was the result of a joint operation with the United Kingdom National Cyber Security Centre, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, and the New Zealand National Cyber Security Centre.
The tools described in the alert are HUC Packet Transmitter, PowerShell Empire, Mimikatz, China Chopper, JBiFrost, a command and control (C2) obfuscator, a lateral movement framework, a credential stealer, a webshell, and a Remote Access Trojan (RAT) respectively.
As detailed in the "AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide" alert, the tools were used to compromise targets a wide range of targets from health and finance to government and defense.
The publicly available hacking tools detailed in the alert are used whenever they suit the job at hand
The report mentions that although the threat actors who used freely available tools were also seen using a lot more sophisticated methods and malicious tools, they still made use of these common when there was no need to take the extra time to deploy more complex tools.
Within the AA18-284A alert, the five cybersecurity authorities describe in what instances each of the tools were used, as well as their capabilities and the mitigation measures organizations can take to protect themselves.
"Whatever these objectives may be, initial compromises of victim systems are often established through exploitation of common security weaknesses," the report says. "Abuse of unpatched software vulnerabilities or poorly configured systems are common ways for a threat actor to gain access."
All the tools described in the Activity Alert have been used by threat actors after they managed to compromise the targeted systems, allowing for further exploitation of other machines in the same network, and for collecting and exfiltrating data whenever possible.