
Manjusaka implants are being used as an alternative to Cobalt Strike attack by Chinese authorities

Security researchers have warned that Manjusaka, a new post-exploitation attack framework, is being used as an alternative to the Cobalt Strike toolset. Manjusaka is written in the multi-paradigm Rust programming language, and its binaries are written in Golang, the programming language designed at Google. Manjusaka is also armed with Remote Access Trojan (RAT) implants that support command execution, file access, and network reconnaissance, so that commands can be run and compromised data received from remote locations.

Security researchers at Cisco Talos, who were investigating a Cobalt Strike infection, also discovered Manjusaka and observed that the threat actor used the same framework for both attacks. According to the researchers, a malicious document disguised as a COVID-19 report has infected various devices. Manjusaka implants were downloaded as EXE or ELF files instead of the Cobalt Strike toolkit. Cisco Talos researchers defined this attack as an imitation of the Cobalt Strike framework.

According to the reports of Cisco Talos, both Windows and Linux versions can be infected using this framework. The Manjusaka implants consist of a RAT and a file management module. The RAT is responsible for executing arbitrary commands via cmd.exe to collect credentials from web browsers, WiFi SSIDs, and account details under the respective network connections. It has also been observed to steal Premiumsoft's Navicat credentials, inspect hardware details, and capture screenshots of the desktop currently in use. Manjusaka's file management module can enumerate files, create directories, read or write file contents, delete files or directories, and move files to multiple locations.

However, security officials from Cisco Talos added that Manjusaka is still in its testing phase, although the framework is highly powerful. The threat actor will not be using Manjusaka implants as a free version, which is a relieving sign, as its use will have some restrictions. The security officials observed that its lure document is written in Chinese, which indicates that the developers are based in China.


