Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Insider threats cited alongside external attacks in terms of severity:...
How are people in 15 countries leveraging AI for travel planning?
North America financial institutions lead surge in financial regulator...
Resilience the true benchmark for smart infrastructure
Vast foreign-run cybercrime networks taken down in Africa
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
    • Featured

      Deepfake a crisis of trust, not just technology

      Deepfake a crisis of trust, not just technology

      Tuesday, August 19, 2025, 10:06 AM Asia/Singapore | Features
    • Featured

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      Thursday, August 14, 2025, 12:26 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

Hackers extend Cobalt Strike attacks to Linux and macOS

By CybersecAsia editors | Monday, August 18, 2025, 3:43 PM Asia/Singapore

Hackers extend Cobalt Strike attacks to Linux and macOS

Cross-platform attacks can now target underprotected Linux and macOS systems, raising risks of ransomware and stealthy intrusions to new heights.

Hackers have just been caught extending the reach of the notorious Cobalt Strike Beacon to Linux and macOS systems — by using a command-and-control (C2) framework called CrossC2.

This cross-platform capability dramatically broadens the attack surface, allowing hackers to penetrate and control diverse environments that often lack sufficient endpoint detection.

Between September and December 2024, a campaign leveraging CrossC2 demonstrated highly sophisticated techniques, including stealthy memory execution and anti-analysis measures, to infiltrate networks and evade detection, according to Japan’s CERT coordination center (JPCERT/CC).

The attackers had used a custom loader named ReadNimeLoader, which abuses a legitimate java.exe process to load malicious payloads invisibly. This method was paired with traditional tools like PsExec and Plink to break into Active Directory environments quietly.

Notably, this campaign shares infrastructure and tactics with ransomware groups such as BlackSuit and Black Basta, as well as the use of SystemBC backdoors that facilitate further malicious deployment.

The expansion of Cobalt Strike’s operational scope to Linux and macOS servers is particularly alarming because many of these systems are underprotected, creating critical vulnerabilities within internal networks. Experts warn that these techniques could become widespread as cybercrime groups continue to exchange tradecraft and infrastructure. The overlap with known ransomware actors increases the risk of data exfiltration and extortion, raising the stakes for any business or organization relying on Linux or macOS in their network.

Many incident response teams and system administrators now face mounting challenges in detecting and stopping such cross-platform threats. This latest cybercriminal development underscores the evolving tactics of cyber adversaries that leverage advanced frameworks such as CrossC2 to maintain persistence and control across multiple platforms. By utilizing loaders written in languages such as Nim, and leveraging open-source shellcode tactics, attackers can blend in with legitimate activity and evade forensic investigation.

To address this broader threat landscape organizations will need to escalate their security posture by implementing monitoring and defensive solutions beyond traditional Windows environments.

Share:

PreviousONESECURE Unveils Innovative WEBYITH Service to Combat Web Defacement and Web Spoofing
NextThe completion of the off-site data backup system strengthens the foundation of data security

Related Posts

Running outdated software on your server? Don’t be a sitting duck!

Running outdated software on your server? Don’t be a sitting duck!

Thursday, September 23, 2021

Remote-working risks are here to stay: holistic cybersecurity leads the way       

Remote-working risks are here to stay: holistic cybersecurity leads the way       

Thursday, January 23, 2025

What? Yet another malware debacle in the Android official app store?

What? Yet another malware debacle in the Android official app store?

Monday, March 24, 2025

When can we bid passwords a glad goodbye?

When can we bid passwords a glad goodbye?

Thursday, April 22, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.