The Curious Case of the Comburglar
Summary
During a recent breach assessment, Black Hills Information Security (BHIS) discovered a stealthy, persistent intrusion technique that a threat actor used to maintain Command-and-Control (C2). The technique, dubbed 'Comburglar', manipulates legitimate Windows components to achieve its objectives.
IFF Assessment
FOE
The discovery of a new, stealthy intrusion technique that allows threat actors to maintain C2 communication is bad news for defenders.
Defender Context
Defenders should be aware of C2 techniques that abuse legitimate system components to evade detection. This case highlights the value of in-depth breach assessments and of threat hunting capable of identifying persistent intrusions that blend in with normal system activity.