Security News > 2022 > August > Chinese hackers use new Cobalt Strike-like attack framework

Researchers have observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy.
Its RAT implants support command execution, file access, network reconnaissance, and more, so hackers can use it for the same operational goals as Cobalt Strike.
"Cisco Talos recently discovered a new attack framework called"Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape.
This framework is advertised as an imitation of the Cobalt Strike framework," warns the Cisco Talos researchers.
"This new attack framework contains all the features that one would expect from an implant it is written in the most modern and portable programming languages."
Threat actors are expected to continue moving away from Cobalt Strike gradually, and many alternative attack frameworks will likely appear, attempting to grow into the new market opportunity.
News URL
Related news
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)