API Security Blog

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems.

"It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik Reichel said. "While Splinter is not as advanced as other well-known post-exploitation tools like Cobalt Strike, it still presents a potential threat to organizations if it is misused."

Penetration testing tools are often used for red team operations to flag potential security issues in a company's network. However, such adversary simulation tools can also be weaponized by threat actors to their advantage.

Unit 42 said it has not detected any threat actor activity associated with the Splinter tool set. There is no information as yet on who developed the tool.

The artifacts unearthed by the cybersecurity firm are "exceptionally large," coming in at around 7 MB, primarily owing to the presence of 61 Rust crates within them.

Splinter is no different from other post-exploitation frameworks in that it comes with a configuration that includes information about the command-and-control (C2) server, which is parsed in order to establish contact with the server using HTTPS.

"Splinter implants are controlled by a task-based model, which is common among post-exploitation frameworks,"…
