Chinese threat actors have been using the new Manjusaka attack framework, which is being promoted as an alternative to Cobalt Strike, according to BleepingComputer.
Cisco Talos researchers first discovered Manjusaka in a malicious document posing as a COVID-19 case report from a Tibetan city; the document carried a VBA macro that retrieved and loaded Cobalt Strike as a second-stage payload. Cobalt Strike served not only as the primary attack toolkit but also as the means of downloading the Manjusaka implant for Windows or Linux systems.
The Windows and Linux versions of Manjusaka have similar capabilities: both include a remote access trojan that supports arbitrary command execution, theft of browser-stored credentials, and exfiltration of WiFi SSIDs and passwords, as well as a file management module with file enumeration, directory creation, and file deletion features.
"This new attack framework contains all the features that one would expect from an implant, however, it is written in the most modern and portable programming languages. The developer of the framework can easily integrate new target platforms like MacOSX or more exotic flavors of Linux as the ones running on embedded devices. The fact that the developer made a fully functional version of the C2 available increases the chances of wider adoption of this framework by malicious actors," said Cisco Talos.
Ahead of its imminent approval, the Biden administration's proposed executive order, which would require U.S. cloud infrastructure-as-a-service providers to strengthen verification of their users' identities, has drawn industry opposition over the increased financial and logistical burdens such a rule would impose, according to The Record, a news site run by cybersecurity firm Recorded Future.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had sensitive data exposed as a result of a misconfigured environment file, Cybernews reports.