Chinese Hackers Develop a New Hacking Framework Similar to Cobalt Strike - Manjusaka

A new report released by Cisco Talos states that a fully functional version of the command and control is written using Golang and has a User Interface in Simplified Chinese. It is available freely and can be used to generate new implants with relative ease with custom configurations. Therefore, it is likely that many malicious actors will adopt this framework.

Manjusaka is considered a Chinese sibling of Silver and Cobalt Strike. They are legitimate adversary emulation frameworks that researchers believe have been repurposed by threat actors to help them carry out certain post-exploitative activities. These activities include lateral movement, network reconnaissance, and fascinating the deployment of follow-on payloads. 

Manjusaka means cow-flower and is written in Rust. It is advertised to be equivalent to the Cobalt Strike framework. Its capabilities include being able to target computers using both Windows and Linux operating systems. The developers of this hacking framework are believed to be located in China, specifically in the Guangdong region. 

The researchers note that the implant consists of many remote access trojans, also called RAT,  capabilities. These include some standard functionality and also a dedicated file management module. 

Therefore, the supported features include executing arbitrary commands, gathering passwords, and harvesting browser credentials from web browsers such as Google Chrome, Opera, Brave, Qihoo 360, Tencent QQ Browser, and Vivaldi. It is also able to obtain comprehensive system information. 

Manjusaka can also launch the file management module and carry out various activities, including managing files and directories and enumerating files on compromised systems. 

The existence of Manjusaka and its availability, according to researchers, indicates that there is a popularity of offensive technologies that are widely available and have both crimeware and APT operators. 

Furthermore, they also believe this new attack framework has all the features you would expect from an implant. However, it is written in the most portable and modern programming language. Therefore, it can easily be integrated into new target platforms, including MacOSX.

Read also:

By Abdul Wahab

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.

Show Buttons
Hide Buttons