Phone : +91 95 8290 7788 | Email :

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor

Jun 22, 2024NewsroomCyber Espionage / Threat Intelligence

The Hacker News

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed.

“ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,” Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report published this week.

“Cobalt attacked financial institutions to steal funds. One of Cobalt’s hallmarks was the use of the CobInt tool, something ExCobalt began to use in 2022.”


Attacks mounted by the threat actor have singled out various sectors in Russia over the past year, including government, information technology, metallurgy, mining, software development, and telecommunications.

Initial access to environments is facilitated by taking advantage of a previously compromised contractor and a supply chain attack, wherein the adversary infected a component used to build the target company’s legitimate software, suggesting a high degree of sophistication.


The modus operandi entails the use of various tools like Metasploit, Mimikatz, ProcDump, SMBExec, Spark RAT for executing commands on the infected hosts, and Linux privilege escalation exploits (CVE-2019-13272, CVE-2021-3156, CVE-2021-4034, and CVE-2022-2586).

GoRed, which has undergone numerous iterations since its inception, is a comprehensive backdoor that allows the operators to execute commands, obtain credentials, and harvest details of active processes, network interfaces, and file systems. It utilizes the Remote Procedure Call (RPC) protocol to communicate with its command-and-control (C2) server.


What’s more, it supports a number of background commands to watch for files of interest and passwords as well as enable reverse shell. The collected data is then exported to the attacker-controlled infrastructure.

“ExCobalt continues to demonstrate a high level of activity and determination in attacking Russian companies, constantly adding new tools to its arsenal and improving its techniques,” the researchers said.

“In addition, ExCobalt demonstrates flexibility and versatility by supplementing its toolset with modified standard utilities, which help the group to easily bypass security controls and adapt to changes in protection methods.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India













What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.


Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.


Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : | Support Email :

Register & Request Quote | Submit Support Ticket