{"id":1212,"date":"2025-07-09T05:59:08","date_gmt":"2025-07-09T05:59:08","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/07\/09\/red-team-tool-developer-shellter-admits-misuse-by-adversaries\/"},"modified":"2025-07-09T05:59:08","modified_gmt":"2025-07-09T05:59:08","slug":"red-team-tool-developer-shellter-admits-misuse-by-adversaries","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/07\/09\/red-team-tool-developer-shellter-admits-misuse-by-adversaries\/","title":{"rendered":"Red Team Tool Developer Shellter Admits \u2018Misuse\u2019 by Adversaries"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The developers behind a popular AV\/EDR evasion tool have confirmed it is being used by malicious actors in the wild, while slamming a security vendor for failing to responsibly disclose the threat.<\/p>\n<p>Shellter is used by professional red teams and pen testers to evade security tools while probing their clients\u2019 attack surface.<\/p>\n<p>However, like Cobalt Strike and other commercial tools of this sort, it is highly prized by threat actors.<\/p>\n<p>Elastic Security Labs reported last week that a copy of Shellter Elite had been abused in this way, in attacks designed to deploy infostealers.<\/p>\n<p>\u201cDespite our rigorous vetting process \u2013 which has successfully prevented such incidents since the launch of Shellter Pro Plus in February 2023 \u2013 we now find ourselves addressing this unfortunate situation,\u201d the Shellter Project confirmed in a blog post 
responding to the Elastic research.<\/p>\n<p>However, while thanking the search and cybersecurity company for providing samples to confirm the identity of the erring customer, Shellter also took aim at perceived \u201cshortcomings\u201d in how Elastic disclosed the incident.<\/p>\n<p>\u201cElastic Security Labs chose to act in a manner we consider both reckless and unprofessional,\u201d Shellter argued.<\/p>\n<p>\u201cThey were aware of the issue for several months but failed to notify us. Instead of collaborating to mitigate the threat, they opted to withhold the information in order to publish a surprise expos\u00e9 \u2013 prioritizing publicity over public safety.\u201d<\/p>\n<p>The Shellter Project claimed that this lack of disclosure meant that it almost unwittingly sent the malicious customer a new version of the product with enhanced runtime evasion capabilities. It said that the update was fortunately delayed for \u201cunrelated personal reasons,\u201d meaning the customer will never receive it.<\/p>\n<p>\u201cUltimately, this situation highlights a troubling disconnect between Red Team and Blue Team research communities. Elastic chose spectacle over responsible disclosure, putting both their customers and the broader public at risk,\u201d it claimed.<\/p>\n<p>\u201cWhile it\u2019s true that we distribute this software, we do so through a rigorous vetting process. 
Had we been aware of any malicious use, we would have taken immediate action.\u201d<\/p>\n<p>Law enforcers have also been stepping in to keep pen testing tools out of the hands of threat actors.<\/p>\n<p>Cobalt Strike developer Fortra said earlier this year that the long-running Operation Morpheus, led by the UK\u2019s National Crime Agency (NCA),\u00a0had helped to drive an 80% reduction in the number of copies observed in the wild.<\/p>\n<p><em>Infosecurity<\/em> has reached out to Elastic for further comment and will update this story accordingly.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The developers behind a popular AV\/EDR evasion tool have confirmed it is being used by malicious actors in the wild, while slamming a security vendor for failing to responsibly disclose the threat. Shellter is used by professional red teams and pen testers to evade security tools while probing their clients\u2019 attack surface. However, like Cobalt<\/p>\n","protected":false},"author":2,"featured_media":1213,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1212","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"1536x1536":["http:\/\/ft3
65.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1212-eefe7049-8d83-405f-9b73-d58b2dfcfd0c-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=1212"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1212\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/1213"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=1212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=1212"},{"taxonom
y":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=1212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}