Japan’s CERT observed cyberattacks using CrossC2, a tool that extends Cobalt Strike capabilities to multiple platforms including Linux and macOS. The attacks involved sophisticated malware loaders like ReadNimeLoader, which deploy in-memory shellcode to evade detection.
Key points
- Japan’s JPCERT/CC detected cyberattacks using the CrossC2 command-and-control framework.
- The threat actor employed tools such as PsExec, Plink, and Cobalt Strike to target Active Directory.
- ReadNimeLoader is a custom, in-memory malware loader, written in Nim, that evades detection.
- The campaign shows overlaps with BlackBasta ransomware activities, sharing C2 domains and files.
- Linux servers without EDR are at increased risk of infection and further compromise.
Read More: https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html