CyberSecurityBoard
Sponsor Register Login

Hackers Abuse Cobalt Strike, SQLMap & Other Tools to Target Organizations' Web Applications

These attacks specifically utilize Cobalt Strike, a legitimate adversary simulation tool designed for security professionals, and SQLMap, an open-source utility that automates the detection and exploitation of SQL injection vulnerabilities. The attackers typically begin by scanning for vulnerable web endpoints using automated tools, focusing particularly on legacy applications that may have escaped regular security updates. Threat actors are increasingly leveraging professional security tools including Cobalt Strike, SQLMap, and other reconnaissance utilities to compromise corporate networks with alarming effectiveness. Once a vulnerable target is identified, they deploy SQL injection attacks against database-connected applications to extract authentication credentials and other sensitive information. The attacks typically begin with vulnerable web application components and escalate to full network access, allowing attackers to steal sensitive data and deploy ransomware payloads. Security teams are advised to implement web application firewalls, conduct regular vulnerability scanning, and maintain rigorous patch management procedures to defend against these increasingly sophisticated attacks. From there, attackers typically download Cobalt Strike beacons configured to communicate with command and control servers through encrypted channels using domain fronting techniques to evade detection. The researchers traced several recent breaches to initial SQL injection attacks that later incorporated Cobalt Strike beacons for persistent access. A common pattern seen across multiple victims involves the use of queries similar to: ' UNION SELECT @@version, user(), database(), sleep(5) -- - which both extracts database information and validates successful injection points. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The combination of these tools creates a potent arsenal for attackers seeking to breach organizational defenses through their web-facing applications. Cybersecurity experts have uncovered a sophisticated campaign targeting enterprise web applications through the abuse of legitimate penetration testing tools. Their research shows attackers are specifically targeting outdated web applications with known vulnerabilities that organizations have failed to patch.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Mar 2025 12:35:19 +0000


Cyber News related to Hackers Abuse Cobalt Strike, SQLMap & Other Tools to Target Organizations' Web Applications

Hackers Abuse Cobalt Strike, SQLMap & Other Tools to Target Organizations' Web Applications - These attacks specifically utilize Cobalt Strike, a legitimate adversary simulation tool designed for security professionals, and SQLMap, an open-source utility that automates the detection and exploitation of SQL injection vulnerabilities. The ...
3 weeks ago Cybersecuritynews.com
International Operation Takes Down 593 Malicious Cobalt Strike Servers - Law enforcement agencies from around the world have successfully shut down 593 rogue servers running unauthorized versions of Cobalt Strike, a tool often misused by cybercriminals. Cobalt Strike, developed in 2012 by Raphael Mudge and now owned by ...
9 months ago Cybersecuritynews.com
Malicious use of Cobalt Strike down 80% after crackdown, Fortra says | The Record from Recorded Future News - Microsoft, the Health Information Sharing and Analysis Center (Health-ISAC) and Fortra, which bought Cobalt Strike in 2020, have worked since 2023 to address the longstanding issue of pirated and unlicensed versions of the software being downloaded ...
1 month ago Therecord.media
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals - European law enforcement agency Europol on Wednesday announced a global crackdown against the use of legitimate security tools by cybercriminals, including the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency said ...
9 months ago Securityweek.com
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
1 year ago Infosecurity-magazine.com
Identifying Misuse of Cobalt Strike Systems - Google Cloud recently identified 34 cracked versions of Cobalt Strike and released YARA Rules to detect them. The goal is to make it harder for malicious actors to abuse the tool. IronNet believes that a proactive approach to Cobalt Strike server ...
2 years ago Ironnet.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
2 weeks ago Cybersecuritynews.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
2 years ago Csoonline.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com
How Healthcare Organizations can use ASPM to Fill CSPM Coverage Gaps and Save Money - In recent years, healthcare organizations have increasingly moved their healthcare information systems applications and infrastructure to the cloud to take advantage of its scalability, flexibility and cost-effectiveness. To mitigate these risks, ...
1 year ago Securityboulevard.com
New Hacker Group Uses SQL Injection to Hack Companies - A new threat actor has been discovered to be using SQL injection attacks to gain unauthorized access to organizations in the APAC region. Among the 20, the threat actor successfully infiltrated six organizations with the legacy SQL injection attack. ...
1 year ago Cybersecuritynews.com
'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
1 year ago Darkreading.com
18 Best Web Filtering Solutions - 2025 - Pros Cons Comprehensive content filtering.Cost can be high for full features.Malware and threat protection.Hardware-based solutions may require additional infrastructure.Easy to deploy and manage.Configuration complexity for advanced ...
1 month ago Cybersecuritynews.com
Navigating the Security Risks of Multicloud Management - The lack of visibility and control over multiple clouds exacerbates these risks, making it imperative for organizations to adopt robust cloud security practices. These tools enhance visibility across multiple cloud environments by providing a unified ...
6 months ago Darkreading.com
Report Surfaces Extent of SaaS Application Insecurity - An analysis of how 493 organizations are employing software-as-a-service applications published today by Wing Security finds nearly all experienced a security incident involving at least one application. A full 81% reported security incidents ...
1 year ago Securityboulevard.com
SQL Brute Force leads to Bluesky Ransomware - In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware. While other reports point to malware ...
1 year ago Thedfirreport.com CVE-2023-27350 BianLian
New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks - Researchers have spotted a new threat actor targeting organizations in the Asia-Pacific region with SQL injection attacks using nothing more than publicly available, open source penetration-testing tools. The GambleForce Campaign In a report this ...
1 year ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Comprehensive Guide to Fraud Detection, Management, & Analysis - To mitigate risks, businesses can use risk management strategies, including fraud detection software, company policies, and staff ranging from risk managers and trust officers to fraud analysts. Affiliate Fraud - Affiliates in a marketing arrangement ...
1 year ago Securityboulevard.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
7 Best Vulnerability Scanning Tools & Software - Vulnerability scanning tools scan assets to identify missing patches, misconfigurations, exposed application vulnerabilities, and other security issues to be remediated. To help you select the best fitting vulnerability scanning solution, we've ...
1 year ago Esecurityplanet.com
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings. According to researchers with ...
2 years ago Packetstormsecurity.com Lazarus Group
Chinese Earth Krahang hackers breach 70 orgs in 23 countries - A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the ...
1 year ago Bleepingcomputer.com CVE-2023-32315 CVE-2022-21587 Earth Lusca GALLIUM

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)