Pentest Tools Gone Wrong: How Hackers Are Using the Brute Ratel Red Team Tool


New technologies make the world go round—we love when a digital advancement makes our lives easier or more efficient. But unfortunately, the tools we use to make our lives better can just as easily be used to exploit weaknesses and cause harm.

This is exactly what’s been happening with certain pentest and red team tools. Cybersecurity researchers and ethical hackers use these tools to test the security of systems and find vulnerabilities before malicious actors do. But sometimes, these same tools end up in the hands of threat actors, who then use them to launch real attacks.

What Are Pentest and Red Team Tools?

A pentest is an evaluation used to identify as many cybersecurity vulnerabilities as possible in your systems.

A red team tool isn’t meant to find as many weaknesses as possible, but rather is used to go after extremely specific targets and see how much damage can be done once the red team has infiltrated.

When red teaming, professionals are acting offensively as if they were hackers (as opposed to blue teaming, where professionals simulate defensive actions to prevent attacks).

Why Are Pentest and Red Team Tools at Risk of Attacks?

Both pentest and red team tools are at risk of cyber attacks because they take deep dives into your systems, and if the tools themselves are vulnerable, a malicious hacker can use them to steal your data. This is why businesses are scrambling to find a way to stop these tools from being used by threat actors—but it’s a tough battle.

Because attacks on red team tools are relatively new, many IT providers don’t have solutions to protect themselves and their customers, making them an even bigger target. That’s why it’s critical to work with a cybersecurity provider who has experience in protecting their red team and pentest tools from exploitative attacks.

At Adrytech, we prioritize the security of our customers, including when we perform pentests and red team tests. Here’s what you need to know about the Brute Ratel C4 hacks and tips to keep your businesses safe:

What Is Brute Ratel C4 (BR c4)?

Brute Ratel C4 (BR c4) is a red team tool that was created by a security engineer named Chetan Nayak. This program is specifically designed to get past endpoint detection and response and antivirus programs, which makes it very dangerous in the wrong hands.

As of May 16th, 2022, BR c4 had over 350 customers and costs $2500 for each user for a 1-year license. While the Brute Ratel c4 tool may not have thousands of customers, the attacks against it are only a foreshadowing of what’s to come in the security of red team tools.

What Damage Have Brute Ratel Attacks Caused?

On May 19th, 2022, a sample of malware that contained a malicious payload associated with BRc4 was uploaded to a virus checker and was labeled “benign” by the 56 security vendors that analyzed it.

The sample malware is packaged as an ISO file, which is usually delivered via a spear-phishing email or downloaded by a second-stage downloader. When the ISO file is double-clicked, it looks like a Microsoft Word document resume of someone named Roshan Bandara. However, when the user double-clicks on the “resume”, BR c4 is installed onto the user’s computer.

After Brute Ratel has been loaded onto a device, a hacker can remotely access the infected device to run commands and spread farther throughout the compromised network.

Once the hacker has access to the device, they can do a number of things such as install more programs, delete files, or even encrypt data and demand a ransom for the decryption key. And because this program is designed to evade detection, it can be very difficult for businesses to know that they’ve been hacked until it’s too late.
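The delivery chain described above (an ISO attachment arriving by spear-phishing email, posing as a Word resume) is something a mail gateway can be made to notice before anyone double-clicks. The following script is an added example and is not code from the original post or from Adrytech; it scores attachment records for disk-image containers and document-themed lure names. The records, field names (`filename`, `mime`) and the score threshold are constructed assumptions, not a real gateway's log format.

```python
import os
import re

# Constructed sample records, roughly what a mail gateway logs per attachment.
# These are invented for the example and are not real traffic.
SAMPLE_ATTACHMENTS = [
    {"filename": "Roshan_Bandara_Resume.iso",
     "mime": "application/x-iso9660-image"},
    {"filename": "Resume.docx",
     "mime": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"},
    {"filename": "Q3_report.pdf.img",
     "mime": "application/octet-stream"},
    {"filename": "invoice_2022-05.pdf",
     "mime": "application/pdf"},
]

# Disk-image containers: Windows mounts these on double-click, so whatever is
# inside reaches the user without the download warnings a plain file gets.
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}
CONTAINER_MIMES = {"application/x-iso9660-image", "application/x-cd-image"}
# Document-style words commonly used as lures (the sample in the post posed as a resume).
LURE_WORDS = {"resume", "cv", "invoice", "report", "contract"}
DOC_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx"}

# Assumed policy for this example: a score of 2 or more means quarantine for review.
QUARANTINE_THRESHOLD = 2


def assess_attachment(filename, mime):
    """Return (score, reasons) for one attachment record."""
    name = filename.lower()
    stem, ext = os.path.splitext(name)
    score, reasons = 0, []
    if ext in CONTAINER_EXTS or mime in CONTAINER_MIMES:
        score += 2
        reasons.append("disk-image container attachment")
        # A document extension tucked under the container extension, e.g. report.pdf.img
        if os.path.splitext(stem)[1] in DOC_EXTS:
            score += 1
            reasons.append("document extension hidden under container extension")
        # Split the stem on anything that is not a letter or digit so
        # "roshan_bandara_resume" yields the token "resume".
        tokens = set(re.split(r"[^a-z0-9]+", stem))
        if tokens & LURE_WORDS:
            score += 1
            reasons.append("document-themed filename on a container")
    return score, reasons


def triage(records):
    """Return [(filename, score, reasons)] for records at or above the threshold."""
    flagged = []
    for rec in records:
        score, reasons = assess_attachment(rec["filename"], rec["mime"])
        if score >= QUARANTINE_THRESHOLD:
            flagged.append((rec["filename"], score, reasons))
    return flagged


if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_ATTACHMENTS):
        print(f"QUARANTINE {name} (score {score}): {'; '.join(reasons)}")
```

Run against the constructed records, the two disk-image attachments are flagged and the plain `.docx` and `.pdf` pass. Scoring on the container type alone, rather than on the attacker's file name, is the point: a lure can be renamed freely, but the ISO still has to be an ISO to get the payload mounted.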

How Can You Protect Your Business from a Red Team Attack?

Adrytech is taking specific precautions to ensure that your business is always protected. In addition, we love to educate our customers on ways they can take control and prevent threat actors from infiltrating their red teaming tools.

In addition to working with a reliable cybersecurity expert, here are 5 simple tips on how to protect your red team tools and systems in general:

  1. Be careful what you click: Hackers can often embed malicious code in links or attachments, so it’s important to be cautious about what you click on. Train your employees to recognize phishing attempts and only open attachments from trusted sources. Make sure that everyone follows good cyber hygiene practices.
  2. Use a VPN: A VPN (virtual private network) encrypts your internet traffic and makes it harder for hackers to intercept your data.
  3. Use multi-factor authentication (MFA): MFA adds an extra layer of security by requiring a second piece of information (usually a code sent to your phone) in order to log in.
  4. Keep your software up to date: Hackers are constantly finding new ways to exploit vulnerabilities in software, so it’s important to keep your programs up to date with the latest security patches.
  5. Establish company device and data policies: You should develop and implement comprehensive device and data policies company-wide to ensure your employees understand exactly what they are and aren’t allowed to do with company property. This includes offering Security Awareness Training to your staff so they understand the risks involved.

Cybersecurity is a constantly evolving field, so it’s important to stay up to date on the latest threats and how to protect yourself against them. Adrytech is committed to keeping our customers safe and secure, so they can focus on running their business.


Stop Pentest and Red Team Cyberattacks with Adrytech

Adrytech is a leading provider of cybersecurity solutions that help businesses protect themselves against the latest threats. We offer a comprehensive suite of products and services that can be tailored to your specific needs. Contact us today to learn more about how we can help you stay safe from red team and other advanced cyber attacks!