Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Sasken Partners with VicOne to Deliver End-to-End Automotive Cybersecu...
Ricoh named in TIME World’s Best Companies of 2025 for employee ...
SU Group Holdings Receives Notice of Delisting from Nasdaq Due to Mini...
Fescaro, TUV Nord join forces on auto cybersecurity compliance
Four high-severity flaws found in ERP firm’s products threaten million...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Combating the surge in Asia Pacific credential abuse and ransomware

      Combating the surge in Asia Pacific credential abuse and ransomware

      Wednesday, September 17, 2025, 5:06 PM Asia/Singapore | Features
    • Featured

      The rise of digital wallets: What businesses in APAC need to know

      The rise of digital wallets: What businesses in APAC need to know

      Tuesday, September 2, 2025, 1:59 PM Asia/Singapore | Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

Hackers extend Cobalt Strike attacks to Linux and macOS

By CybersecAsia editors | Monday, August 18, 2025, 3:43 PM Asia/Singapore

Hackers extend Cobalt Strike attacks to Linux and macOS

Cross-platform attacks can now target underprotected Linux and macOS systems, raising risks of ransomware and stealthy intrusions to new heights.

Hackers have just been caught extending the reach of the notorious Cobalt Strike Beacon to Linux and macOS systems — by using a command-and-control (C2) framework called CrossC2.

This cross-platform capability dramatically broadens the attack surface, allowing hackers to penetrate and control diverse environments that often lack sufficient endpoint detection.

Between September and December 2024, a campaign leveraging CrossC2 demonstrated highly sophisticated techniques, including stealthy memory execution and anti-analysis measures, to infiltrate networks and evade detection, according to Japan’s CERT coordination center (JPCERT/CC).

The attackers had used a custom loader named ReadNimeLoader, which abuses a legitimate java.exe process to load malicious payloads invisibly. This method was paired with traditional tools like PsExec and Plink to break into Active Directory environments quietly.

Notably, this campaign shares infrastructure and tactics with ransomware groups such as BlackSuit and Black Basta, as well as the use of SystemBC backdoors that facilitate further malicious deployment.

The expansion of Cobalt Strike’s operational scope to Linux and macOS servers is particularly alarming because many of these systems are underprotected, creating critical vulnerabilities within internal networks. Experts warn that these techniques could become widespread as cybercrime groups continue to exchange tradecraft and infrastructure. The overlap with known ransomware actors increases the risk of data exfiltration and extortion, raising the stakes for any business or organization relying on Linux or macOS in their network.

Many incident response teams and system administrators now face mounting challenges in detecting and stopping such cross-platform threats. This latest cybercriminal development underscores the evolving tactics of cyber adversaries that leverage advanced frameworks such as CrossC2 to maintain persistence and control across multiple platforms. By utilizing loaders written in languages such as Nim, and leveraging open-source shellcode tactics, attackers can blend in with legitimate activity and evade forensic investigation.

To address this broader threat landscape organizations will need to escalate their security posture by implementing monitoring and defensive solutions beyond traditional Windows environments.

Share:

PreviousONESECURE Unveils Innovative WEBYITH Service to Combat Web Defacement and Web Spoofing
NextThe completion of the off-site data backup system strengthens the foundation of data security

Related Posts

Tackling the security implications of super-accelerated healthcare DX

Tackling the security implications of super-accelerated healthcare DX

Wednesday, November 3, 2021

Rise in cyberattacks in the wake of COVID-19 explained

Rise in cyberattacks in the wake of COVID-19 explained

Wednesday, April 8, 2020

WFH staff gain cybersecurity awareness during lockdowns: survey

WFH staff gain cybersecurity awareness during lockdowns: survey

Tuesday, July 14, 2020

Next-gen phishing kits are helping the average Joe to pull off scams

Next-gen phishing kits are helping the average Joe to pull off scams

Thursday, April 8, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.