August 05, 2022 — Eric Swotinsky

New attack framework Manjusaka is similar to Cobalt Strike

Researchers have observed a new post-exploitation attack framework in the wild. Manjusaka, as it's called, can be deployed as an alternative to the popular Cobalt Strike toolset, or in parallel with it for redundancy.

Manjusaka uses implants written in the cross-platform Rust programming language, while its binaries are written in the equally versatile GoLang. Its RAT (remote-access trojan) implants support command execution, file access, network reconnaissance and more, so attackers can use it for the same operational goals as Cobalt Strike. The Windows and Linux versions of the implant have near-identical capabilities and implement similar communication mechanisms.

At the moment, Manjusaka appears to be tentatively deployed in the wild for testing purposes, so development is likely not in the final stages. However, it's already powerful enough for real-world use. Threat actors are expected to continue gradually moving away from Cobalt Strike, and alternatives like Manjusaka will fill the void.

Acronis Cyber Protect Cloud detects and blocks malware used in such attacks, with the included multi-layered behavioral and AI-powered detection engines.