Security researchers at Palo Alto Networks report that nation-state attackers have used the Brute Ratel C4 (BRc4) red-teaming and adversary-simulation tool to evade detection. Released in December 2020, BRc4 was specifically designed to evade detection by security products and offers a level of sophistication comparable to that of Cobalt Strike.
Researchers from Palo Alto Networks observed many connections from a Ukrainian IP address that was probably used to manage the command-and-control (C&C) infrastructure. They also identified an IP address hosted on Amazon AWS that communicated with the Brute Ratel C4 samples.
Additionally, the researchers discovered a number of possible victims, including a company in Argentina, a provider of IP television with programming from North and South America, and a Mexican textile factory.