Unidentified cyber threat actors have started using Brute Ratel C4 (BRc4), an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found.
Their line of attack is apparently successful, as one of the files delivering the Brute Ratel C4 “badger” – a payload for remote access similar to Cobalt Strike’s Beacon – was not initially flagged as malicious by the security tools leveraged by VirusTotal.