Threat Actors Leverage CrossC2 To Extend Cobalt Strike To Linux And MacOS - Cybernoz - Cybersecurity News

Threat Actors Leverage CrossC2 To Extend Cobalt Strike To Linux And MacOS - Cybernoz - Cybersecurity News

JPCERT/CC verified a number of events in which threat actors were seen using CrossC2, an unofficial extension tool that creates Cobalt Strike Beacons that work with Linux and macOS. This campaign, which targeted Active Directory (AD) infrastructures, involved the use of CrossC2 alongside established tools such as PsExec for lateral movement, Plink for SSH tunneling, and native Cobalt Strike payloads. Further analysis revealed the integration of …

Threat Actors Leverage CrossC2 to Extend Cobalt Strike to Linux and macOS

JPCERT/CC verified a number of events in which threat actors were seen using CrossC2, an unofficial extension tool that creates Cobalt Strike Beacons that work with Linux and macOS. This campaign, which targeted Active Directory (AD) infrastructures, involved the use of CrossC2 alongside established tools such as PsExec for lateral movement, Plink for SSH tunneling, […] The post Threat Actors Leverage CrossC2 to Extend Cobalt Strike to Linux and…

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS

Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control. The agency said the activity was detected between September and December 2024, targeting