Cobalt Strike Beacon Threat Expands with CrossC2 Tool
Basically, attackers are using a new tool to spread malware across different computer systems.
A new tool called CrossC2 is enabling attackers to spread Cobalt Strike Beacons across Linux and macOS. This poses a significant risk to users and businesses worldwide. JPCERT/CC is responding with analysis tools and guidance. Stay updated to protect your systems!
What Happened
A new threat is on the rise, and it’s called CrossC2. Between September and December 2024, JPCERT/CC reported incidents where this tool was used to create Cobalt Strike Beacons targeting Linux operating systems. The attackers utilized CrossC2 alongside other malicious tools like PsExec and Plink to infiltrate Active Directory (AD) systems. This attack isn't limited to Japan; it has been spotted across multiple countries, raising alarms globally.
CrossC2 is an unofficial tool that allows attackers to build Cobalt Strike Beacons specifically for Linux and macOS. The tool operates by executing commands after establishing communication with a Cobalt Strike TeamServer. However, it has some limitations compared to the full version of Cobalt Strike, making it a more accessible option for cybercriminals. The malicious activity is further complicated by the use of custom malware named ReadNimeLoader, which acts as a loader for the Cobalt Strike Beacon.
Why Should You Care
This is not just a technical issue; it’s a potential threat to your personal data and business security. If you use Linux or macOS, your system could be at risk of being compromised by these attacks. Imagine if a thief could access your home through a backdoor; that’s what these attackers are doing to computer systems. They can steal sensitive information, disrupt operations, or even hold your data hostage.
The key takeaway is that this threat could affect anyone using these operating systems. If you’re a business owner, this could mean significant losses and damage to your reputation. For everyday users, it could lead to identity theft or loss of personal data.
What's Being Done
In response to these incidents, JPCERT/CC has released tools to help analyze CrossC2 and its implications. They are working to inform affected users and organizations about the risks involved. If you think you might be affected, here are some immediate actions you should take:
- Update your software: Ensure that your operating systems and applications are up to date.
- Monitor your systems: Keep an eye out for unusual activity, especially if you use Linux or macOS.
- Educate your team: Make sure everyone in your organization understands the risks and how to spot potential threats.
Experts are closely watching how this campaign evolves and whether new variants of the malware will emerge. Stay vigilant and proactive to protect your systems from these evolving threats.
JPCERT/CC