The Manjusaka hacking framework linked to Cobalt Strike attacks

August 10, 2022

Chinese threat groups were found using a new hacking framework dubbed Manjusaka, which security experts have associated with Cobalt Strike and Sliver attack frameworks.

As described in a report, Manjusaka is a Rust-based hacking framework with a user interface written in Chinese. The new tool is also freely available and helps threat actors generate new implants through easily customised configurations.

The two frameworks associated with Manjusaka, Cobalt Strike and Sliver, are hacking frameworks that threat actors use to launch post-exploitation attacks, including network reconnaissance, deployment of additional payloads, and lateral movement on the system. Both Manjusaka and Cobalt Strike can target Windows and Linux operating systems.

The Manjusaka hacking framework offers numerous remote access trojan (RAT) capabilities, including the standard functionality of a hacking tool and a file management module.

Once deployed on a targeted system, Manjusaka can execute arbitrary commands, collect credentials from a wide range of web browsers, steal WiFi passwords, capture screenshots, and acquire detailed system information.

The tool’s dedicated file management module can also be launched to perform several activities, including enumerating and managing files and directories on the victim’s system.

The tool was found during an investigation of a maldoc infection chain that exploited the pandemic to target victims and launch Cobalt Strike beacons. The attacker behind the campaign was found using Manjusaka framework implants, which revealed the framework's existence.

Security researchers believe that the hacking framework is still under active development. There is also some evidence that its components are sold to other threat actors for their use. Moreover, the researchers say its existence points to the wide range of offensive technologies that cybercriminals, like APT groups, use in their campaigns.

The experts also noted that Manjusaka could be one of the most sophisticated frameworks next to Cobalt Strike and Sliver, considering that it is also written in convenient and novel programming languages.
