by In order to avoid the detection of information security systems, hackers used the penetration testing tool Cobalt Strike extensively in the past, and later switched to Brute Ratel C4 (BRC4). The attack has intensified on a penetration testing tool called Geacon, which was created by rewriting Cobalt Strike in the Go language. It is becoming more and more common for hackers to use the leaked ransomware Babuk source code to create their own attack tools. Previously, researchers pointed out that 10 ransomware families have used this to develop programs targeting VMware ESXi. A hacker organization named RA Group followed suit, creating its own ransomware and invading 4 organizations within a week.
