Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS
17.08.2025

CrossC2-enabled attacks from Sept–Dec 2024 target Linux, overlap with ransomware, bypass EDR for stealth.
Hackers are now leveraging CrossC2 to extend the notorious Cobalt Strike Beacon's capabilities beyond Windows, targeting Linux and macOS systems. This development marks a significant escalation in the tool's threat landscape.
Between September and December 2024, attacks using CrossC2 were observed targeting Linux systems, and they overlap with ransomware operations. These attacks are designed to bypass Endpoint Detection and Response (EDR) systems, ensuring stealth and persistence.

Japan CERT has issued warnings about these CrossC2-enabled attacks, highlighting their sophistication and the challenges they pose to traditional cybersecurity defenses. The use of CrossC2 in these attacks underscores how cybercriminals are evolving their tactics to exploit a broader range of operating systems.
- CrossC2 extends Cobalt Strike Beacon's reach to Linux and macOS.
- Attacks observed from September to December 2024 target Linux systems.
- Operations overlap with ransomware, enhancing their destructive potential.
- EDR bypass techniques ensure attackers remain undetected.
- Japan CERT highlights the sophistication of these attacks.

