Security Experts:

Connect with us

Hi, what are you looking for?



‘Five Eyes’ Agencies Release Joint Report on Hacking Tools

Cybersecurity agencies in the United States, United Kingdom, Canada, Australia and New Zealand have released a joint report describing five of the most commonly used hacking tools.

Cybersecurity agencies in the United States, United Kingdom, Canada, Australia and New Zealand have released a joint report describing five of the most commonly used hacking tools.

The report was written by experts at the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC), and the US National Cybersecurity and Communications Integration Center (NCCIC).

The goal of the report, its authors said, is to provide network defenders and system administrators advice on how to detect the tools and limit their effectiveness.

Five types of tools are described, including remote access trojans (RATs), web shells, lateral movement frameworks, command and control (C&C) obfuscators, and credential stealers – all of which can be used after the targeted system has been compromised.

The RAT included in the report is JBiFrost, a variant of Adwind. The Five Eyes agencies have warned that while JBiFrost has been mostly used by low-skilled threat actors and cybercriminals, it can also be useful to state-sponsored groups.

JBiFrost works on Windows, Linux, macOS and Android, and its capabilities include lateral movement, installing additional malware, launching distributed denial-of-service (DDoS) attacks, and stealing information.

Agencies warned that JBiFrost has been increasingly used in targeted attacks aimed at critical infrastructure operators and their supply chain.

The web shell mentioned in the report is called China Chopper and it allows hackers to remotely access compromised servers. Widely used since 2012, the shell is only 4Kb in size and its payload is easy to modify, which makes it more difficult to detect.

China Chopper was used in the summer of 2018 in an attack that exploited an Adobe ColdFusion vulnerability tracked as CVE-2017-3066.

Another tool described in the report is Mimikatz, a popular open source application that has been around for more than a decade. Mimikatz has been used by many threat groups to steal passwords, including in the recent NotPetya and Bad Rabbit attacks.

Cybersecurity agencies have also warned of PowerShell Empire, a lateral movement framework released in 2015 as a legitimate penetration testing tool. PowerShell Empire allows attackers to elevate privileges, harvest credentials, log keystrokes, find nearby hosts, and move laterally across the network.

The tool was used in recent years in attacks aimed at the UK energy sector, South Korean organizations as part of a Winter Olympics-themed campaign, a multinational law firm, and academia.

The last hacking tool described in the report is HUC Packet Transmitter (HTran), which allows malicious actors to obfuscate communications. Hackers have been using it to evade detection, bypass security controls, obfuscate C&C traffic, and improve their C&C infrastructure.

“These tools have been used to compromise information across a wide range of critical sectors, including health, finance, government and defence. Their widespread availability presents a challenge for network defence and actor attribution,” the report reads. “Experience from all our countries makes it clear that, while cyber actors continue to develop their capabilities, they still make use of established tools and techniques. Even the most sophisticated groups use common, publicly-available tools to achieve their objectives.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.