Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike
2022-08-05 08:41

Researchers have disclosed a new offensive framework named Manjusaka, which they describe as a "Chinese sibling of Sliver and Cobalt Strike."

"A fully functional version of the command-and-control, written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors," Cisco Talos said in a new report.

Written in Rust, Manjusaka - meaning "Cow flower" - is advertised as an equivalent to the Cobalt Strike framework with capabilities to target both Windows and Linux operating systems.

Talos said it made the discovery during its investigation of a maldoc infection chain that leverages COVID-19-themed lures in China to deliver Cobalt Strike beacons on infected systems, adding that the same threat actor also used the implants from the Manjusaka framework in the wild.

"The availability of the Manjusaka offensive framework is an indication of the popularity of widely available offensive technologies with both crimeware and APT operators," the researchers said.

"This new attack framework contains all the features that one would expect from an implant; it is written in the most modern and portable programming languages. The developer of the framework can easily integrate new target platforms like MacOSX or more exotic flavors of Linux as the ones running on embedded devices."


News URL

https://thehackernews.com/2022/08/chinese-hackers-using-new-manjusaka.html