Splinter is a threat actor group known for its malicious activities; its primary tool is a post-exploitation red team tool, also named Splinter. The tool was discovered on several client systems and is characterized by a task-based model, which is common among post-exploitation frameworks. While not as sophisticated as tools such as Cobalt Strike, Splinter still poses a significant threat to organizations if misused. It uses classic process injection methods to run additional modules, and it synchronizes tasks, maintains a heartbeat connection, and manages file uploads and downloads through specific URL paths on the attacker's Command and Control (C2) server.
In recent developments, an individual named Kalana Limkin from Hilo, Hawaii, has been arrested and has admitted to being associated with CVLT and 764, as well as to being the founder of a harmful splinter group called Cultist. This group is considered a subset of the larger Splinter threat actor group. Limkin's association with these groups indicates that the threat posed by Splinter is not only virtual but also physical, with real-world implications.
Palo Alto Networks has taken steps to protect its customers against the Splinter post-exploitation tool through its Advanced WildFire system, which classifies Splinter malware samples as malicious and offers various memory analysis features to combat them. Although no direct threat actor activity involving the Splinter toolset was identified during the analysis, Palo Alto Networks continues to take proactive measures because of the potential risk posed by such tools.
Description last updated: 2024-10-17T12:22:30.375Z