Tag

Command And Control

All articles tagged with #command and control

AI Assistants Turned Stealthy Malware Relays for C2 Traffic
technology · 9 days ago

Researchers show that AI assistants like Grok and Microsoft Copilot can be abused as covert command-and-control relays for malware: the AI is directed to fetch attacker-controlled URLs and relay results back via WebView2, potentially bypassing safeguards. Microsoft acknowledges the risk and recommends defense-in-depth to block infections and limit post-compromise activity.

AI Chat Assistants Could Serve as Stealthy Malware C2 Relays
cybersecurity · 9 days ago

Cybersecurity researchers warn that AI assistants with web-browsing capabilities (such as Microsoft Copilot and xAI Grok) can be hijacked as stealthy, bidirectional command-and-control relays. By feeding crafted prompts, attackers can issue commands to a compromised host and exfiltrate data via trusted AI services, effectively turning living-off-trusted-sites (LOTS) into C2 channels and enabling AI-assisted malware operations and real-time evasion, without requiring API keys.

Winos4.0 Malware Targets Gamers via Malicious Game Apps
cybersecurity · 1 year ago

Cybersecurity experts have identified a new malware framework, Winos 4.0, being distributed through gaming-related applications like optimization tools. This advanced malware, derived from Gh0st RAT, targets Chinese-speaking users by leveraging black hat SEO and social media to spread. Once installed, it initiates a multi-stage infection process, ultimately allowing attackers to control compromised systems, steal information, and deploy additional malicious plugins. The malware is particularly concerning for its ability to harvest data from cryptocurrency wallets and educational organizations.

Google Calendar Exploited by Hackers as Covert C2 Channel
cybersecurity · 2 years ago

Google warns of threat actors using a public proof-of-concept exploit called Google Calendar RAT, which utilizes the Calendar service as a command-and-control (C2) infrastructure. The exploit creates a covert channel by exploiting event descriptions in Google Calendar, making it difficult for defenders to detect malicious activity. While Google has not observed the use of Google Calendar RAT in the wild, Mandiant has seen multiple actors sharing the exploit on underground forums. This follows previous instances of threat actors abusing Google services for their operations.

"ICBM-Launched Satellite: Last Resort for Nuclear Code Transmission"
military-technology · 2 years ago

During the Cold War, the U.S. developed the AN/DRC-8 Emergency Rocket Communications System (ERCS) as a backup plan for launching nuclear missiles in the event that land-based and airborne command and control systems were destroyed. The ERCS was an autonomous system that transmitted nuclear launch codes from suborbital space via rockets. It was initially launched using Blue Scout Junior rockets but later transitioned to Minuteman missiles. The ERCS became fully operational in the 1960s and was deactivated in 1991. The U.S. still retains the ability to remotely send launch orders to Minuteman III silos via the ALCS on the E-6B Mercury aircraft.

"US and South Korean Marines Conduct Joint Training on Korean Peninsula"
military · 2 years ago

US and South Korean marines have coordinated drills from the USS Blue Ridge, the Seventh Fleet's flagship, during the second phase of the Ulchi Freedom Shield exercise. The amphibious command-and-control headquarters, located approximately 720 miles away from the Korean Peninsula, allows for simulated command and control from the sea, enhancing their capability to respond and defend against any threat to South Korea. The USS Blue Ridge is equipped with a communication suite and is described as the most capable command ship ever built.

Ukraine's Escalating Actions Raise Concerns for US Army and Russian Troops
military · 2 years ago

The success of Ukraine in destroying Russian command posts using long-range weapons has raised concerns among US Army leaders about the vulnerability of their own command posts. The size and emissions of US Army command posts make them easily detectable and targetable by sensors and precision weapons. Disrupting command and control can render even the strongest military unit helpless, as demonstrated by Ukraine's actions in the war with Russia. The article suggests that command posts need to become more agile and data-centric, utilizing technology such as the cloud and virtual reality to reduce their physical footprint and increase their agility.

The Uncontrollable Wagner Group: A Threat to Russian Military Control.
military · 2 years ago

The Wagner Group, a Russian paramilitary force, has created a rift between the regular Russian military and its founder and financier, Yevgeny Prigozhin. The Russian military has attempted to formalize control over irregular forces, but Wagner has resisted. The infighting has caused concern among pro-war ultranationalist communities and has led to a lack of communication and cohesion between Russian forces fighting in Ukraine. Despite the dysfunction, uncooperative coalitions of forces have in the past still managed to achieve battlefield victories.