Palo Alto Networks Unit 42 researchers have recently discovered a new post-exploitation red team tool named Splinter, developed in Rust [1] [2]. The tool has the standard features commonly found in penetration testing tools and can pose a threat if misused [2].
Description
Splinter is written in Rust [1] [2] and offers the standard features commonly found in penetration testing tools. Its implants are controlled through a task-based model [2], allowing them to execute Windows commands, run modules via remote process injection [2], upload and download files [2], collect cloud service account information [2], and self-delete from the system [2]. Splinter communicates with a command-and-control server over HTTPS [2]. It has not been linked to any threat actor activity [2]. Notably, the tool's artifacts are large due to the inclusion of 61 Rust crates [2].
Conclusion
This discovery highlights the importance of keeping prevention and detection capabilities up to date to thwart potential attacks. Organizations should be aware that tools like Splinter exist and take the necessary measures to protect their systems.
References
[1] https://www.techidee.nl/cybersecurity-onderzoekers-waarschuwen-voor-nieuwe-rust-gebaseerde-splinter-post-exploitation-tool/14546/
[2] https://thehackernews.com/2024/09/cybersecurity-researchers-warn-of-new.html