TZUTC: -0500   
   MSGID: 1225.consprcy@1:2320/105 2cd3afee   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   This top security platform is being hacked to carry out malware threats   
      
   Date:   
   Tue, 08 Jul 2025 16:04:00 +0000   
      
   Description:   
   A patch should have now made future attacks using Shellter Elite impossible.   
      
   FULL STORY   
      
   A popular commercial pentesting tool was being abused for months in malware   
   delivery campaigns, thanks to a reckless, or possibly even malicious,   
   customer.    
      
   Security researchers from Elastic Security Labs found threat actors abusing   
   Shellter Elite, the premium version of SHELLTER, to deploy infostealers and   
   bypass modern antivirus and EDR defenses.    
      
   Elastic Security Labs is observing multiple campaigns that appear to be   
   leveraging the commercial AV/EDR evasion framework, SHELLTER, to load    
   malware, the researchers said in their report .    
      
   "Reckless and unprofessional"    
      
   Shellter was originally designed for ethical red team operations, to be used   
   for penetration testing. To obtain a copy, a company must reach out to   
   Shellter and purchase a license. One of the clients seems to have leaked a   
   copy of Shellter Elite v11.0, which was later picked up by malicious actors   
   and abused in the wild.    
      
   This was subsequently confirmed by the Shellter Project, the tools vendor,    
   who also slammed Elastic for keeping the knowledge about abuse a secret.    
      
   Elastic Security Labs chose to act in a manner we consider both reckless and   
   unprofessional. They were aware of the issue for several months but failed to   
   notify us. Instead of collaborating to mitigate the threat, they opted to   
   withhold the information in order to publish a surprise exposprioritizing   
   publicity over public safety, the vendor said.    
      
   Once the cat was out of the bag, Shellter Project was able to do two key   
   things: identify the (potentially) malicious company that leaked the tool and   
   release a patch that would prevent future abuse. They also said a patch was    
   in the pipeline already, and that they were lucky not to have released it   
   sooner.    
      
   Due to this lack of communication, it was sheer luck that the implicated   
   customer did not gain access to our upcoming release. Had we not postponed    
   the launch for unrelated personal reasons, they would have received a new   
   version with enhanced runtime evasion capabilitieseven against Elastics own   
   detection mechanisms.    
      
   The newest Elite version 11.1 will only be distributed to vetted customers,   
   excluding the leaker.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/this-top-security-platform-is-being-hac   
   ked-to-carry-out-malware-threats   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426