Five Eyes cyber agencies detail list of popular hacking tools

To help network defenders around the world, Canada and the other members of the Five Eyes intelligence partnership have issued a report detailing five publicly available tools used by threat actors, with advice on how to limit their effectiveness and detect their use.

“Experience from all our countries makes it clear that, while cyber actors continue to develop their capabilities, they still make use of established tools and techniques,” says the report, available on the home pages of each country’s cyber centre (see below). “Even the most sophisticated groups use common, publicly-available tools to achieve their objectives.”

The tools detailed fall into five categories: remote access trojans (RATs), with the JBiFrost tool highlighted; web shells, with China Chopper highlighted; credential stealers, with Mimikatz highlighted; lateral movement frameworks, with PowerShell Empire highlighted; and command and control (C2) obfuscators, with HUC Packet Transmitter (HTran) highlighted.

The report outlines the threat posed by each tool, where and when it has been deployed and ways to aid detection and limit the effectiveness of each tool.

So, for example, the section on the JBiFrost remote access trojan, which is used to take over a computer remotely, install further malware and exfiltrate data, notes that its presence can show up through these indicators of compromise:

  • Inability to restart the computer in safe mode;
  • Inability to open the Windows registry editor or task manager;
  • Significant increase in disk activity and/or network traffic;
  • Connection attempts to known malicious IP addresses; and
  • Creation of new files and directories with obfuscated or random names.

Defences include patching systems, keeping anti-virus up to date and enforcing strict application whitelisting.
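Two of the indicators above, connections to known-malicious IP addresses and newly created files with random-looking names, are the ones a defender can hunt for in logs rather than by sitting at the affected machine. The following script is an added example, not code from the report or from any of the agencies, showing how such a hunt might be scripted. The block list, the simplified log format and the sample lines are constructed for the example (the addresses are from the TEST-NET reserved ranges), and the filename heuristic and its thresholds are assumptions to be tuned, not figures from the report.

```python
import re

# Constructed block list for this example (TEST-NET addresses, not real intel).
KNOWN_BAD_IPS = {"203.0.113.45", "198.51.100.7"}

# Constructed sample telemetry in a simplified "time event key=value ..." layout.
# In practice the same fields come from Sysmon, EDR or firewall logs.
SAMPLE_LOG = """\
2018-10-11T09:14:02Z NET_CONNECT host=WS-042 dst=203.0.113.45 dport=1604 proc=javaw.exe
2018-10-11T09:14:05Z FILE_CREATE host=WS-042 path=C:\\Users\\alice\\AppData\\Roaming\\xqZ9vLk2pT.jar
2018-10-11T09:14:06Z FILE_CREATE host=WS-042 path=C:\\Users\\alice\\Documents\\quarterly_report.docx
2018-10-11T09:15:30Z NET_CONNECT host=WS-042 dst=192.0.2.10 dport=443 proc=chrome.exe
2018-10-11T09:16:11Z FILE_CREATE host=WS-042 path=C:\\Windows\\Temp\\a8f3k2.tmp
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one sample line into (timestamp, event, {key: value})."""
    ts, event, rest = line.split(" ", 2)
    return ts, event, dict(KV.findall(rest))


def looks_random(name, min_len=6, min_rate=0.5):
    """Heuristic for 'obfuscated or random' names: the fraction of adjacent
    character pairs that switch between lowercase, uppercase and digit classes.
    Human-chosen names (quarterly_report) switch rarely; generated ones
    (xqZ9vLk2pT) switch constantly. The thresholds are assumptions; tune them
    and allowlist known benign generators (installer temp files, etc.)."""
    stem = name.rsplit(".", 1)[0]
    classes = []
    for ch in stem:
        if ch.islower():
            classes.append("l")
        elif ch.isupper():
            classes.append("u")
        elif ch.isdigit():
            classes.append("d")
        # separators such as '_' and '-' carry no signal and are skipped
    if len(classes) < min_len:
        return False
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches / (len(classes) - 1) >= min_rate


def triage(log_text, bad_ips=KNOWN_BAD_IPS):
    """Return a list of (timestamp, indicator, detail) hits found in the log."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, kv = parse_line(line)
        if event == "NET_CONNECT" and kv.get("dst") in bad_ips:
            hits.append((ts, "known-malicious-ip",
                         f"{kv['proc']} -> {kv['dst']}:{kv['dport']}"))
        elif event == "FILE_CREATE":
            # take the final path component regardless of separator style
            name = kv["path"].replace("\\", "/").rsplit("/", 1)[-1]
            if looks_random(name):
                hits.append((ts, "random-filename", kv["path"]))
    return hits


if __name__ == "__main__":
    for ts, indicator, detail in triage(SAMPLE_LOG):
        print(ts, indicator, detail)
```

Run against the constructed sample, the script flags the outbound connection to the block-listed address and the two generated-looking filenames while leaving the ordinary document alone. The filename check will also fire on legitimate temp files, so it is a lead to correlate with the other indicators (the same host, the same process, unusual ports) rather than an alert on its own.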

This is not an exhaustive list of attacker tools, the report cautions.

The report also helpfully includes a list of 22 general cyber security mitigations, many of which are well known (for example, set a strong password policy and use multifactor authentication; treat people as your first line of defence). There is also a link to a page of things management and boards should know and ask. The list could be valuable to small and medium-sized businesses with small IT departments, because each mitigation includes links to other resources.

Note that many of these resources are specific to each country's website. For example, many of the links on the Canadian Centre for Cyber Security's page go to the Canadian government's site for more advice on carrying out the mitigations, while the links for more information on the US-CERT page go to pages on that site or to Britain's National Cyber Security Centre. IT pros may want to look at each of the five sites to see whether one carries information more helpful than the Canadian site alone.

The report was prepared by the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the U.K. National Cyber Security Centre (UK NCSC) and the U.S. National Cybersecurity and Communications Integration Center (NCCIC).

Howard Solomon