Security News

A previously undocumented command-and-control framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News.

Cybersecurity researchers have discovered a new attack and C2 framework called 'Alchimist,' which appears to be actively used in attacks targeting Windows, Linux, and macOS systems. Alchimist offers a web-based interface using the Simplified Chinese language, and it's very similar to Manjusaka, a recently-emerged post-exploitation attack framework growing popular among Chinese hackers.

A game changer in cyber incident response, the Dissect framework enables data acquisition on thousands of systems within hours, regardless of the nature and size of the IT environment to be investigated after an attack. Now it is available on GitHub to the security community as open source software to help advance and accelerate forensic data collection and analysis.

A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a published in partnership with PwC. Targets encompass local and federal Australian Governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea.

Amongst those frameworks, Sliver appeared in 2019 as an open-source framework available on Github and advertised to security professionals. Sliver supports several different network protocols to communicate between the implant and its C2 server: DNS, HTTP/TLS, MTLS, and TCP might be used.

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control framework in their intrusion campaigns as a replacement for Cobalt Strike. Sliver, first made public in late 2019 by cybersecurity company BishopFox, is a Go-based open source C2 platform that supports user-developed extensions, custom implant generation, and other commandeering options.

Building your organization's security framework. 3 pro tips for building your lean security framework.

Building your organization's security framework. Why build your security framework from scratch, when you could steal a page from other pros in the space? Get quick tips from their free guide for bootstrapped IT security teams below.

Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control, written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors," Cisco Talos said in a new report.

Researchers have observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy. Its RAT implants support command execution, file access, network reconnaissance, and more, so hackers can use it for the same operational goals as Cobalt Strike.