'Dark Utilities', a platform that provides advanced functions at low cost and helps cyber attackers



Talos, the threat intelligence team of Cisco, the world's largest computer network equipment company, has exposed a service called 'Dark Utilities' that makes it easy to set up a C2 (C&C: Command & Control) server for use in cyber attacks. The usage fee is 9.99 euros (about 1370 yen), and about 3000 people are registered.

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Attackers leveraging Dark Utilities 'C2aaS' platform in malware campaigns
http://blog.talosintelligence.com/2022/08/dark-utilities.html



Thousands of hackers flock to 'Dark Utilities' C2-as-a-Service
https://www.bleepingcomputer.com/news/security/thousands-of-hackers-flock-to-dark-utilities-c2-as-a-service/

According to Talos, 'Dark Utilities' is a C2 platform of the C2aaS (C2-as-a-Service) model established in early 2022. It delivers a payload consisting of code that runs on the victim's system under attack, registers the victim's system with the service, and establishes a C2 communication channel. It supports Windows, Linux and Python-based payloads, allowing attackers to target multiple architectures without devoting development resources.

'Dark Utilities' was created by a collective called 'Inplex-sys' and provides support on Discord and Telegram. Talos' research did not clearly establish who is behind the name, but it has not been active for long. Also, there is no indication that 'Inplex-sys' managed and developed it alone.

According to the investigation, the name 'Inplex-sys' was used on Steam, promoting 'Dark Utilities' and linking to 'Smart Bot' used to attack Discord and Twitch. As such, several individuals involved in the Smart Bot project are believed to be in partnership with Inplex-sys.

The cost to use premium access to the platform, associated payloads and API endpoints is €9.99, with around 3000 subscribers.

Since this is relatively inexpensive for what it provides, it may appear attractive to attackers looking to compromise systems without building their own C2 implementation into malware, and the number of users is expected to keep growing. In addition, a C2aaS platform of this kind provides advanced functions to attackers who do not have a high level of development ability. Talos points out that defenders need to be aware of these platforms and ensure security controls are in place.

in Web Service, Posted by logc_nt