A Chinese cyber espionage group targeting organizations and individuals in China and Japan has remained under the radar for roughly five years, cybersecurity firm ESET https://www.eset.com reports. Tracked by researchers as Blackwood and active since at least 2018, the Advanced Persistent Threat (APT) actor has been using Adversary-in-the-Middle (AitM) attacks to deploy a sophisticated implant via the update mechanisms of legitimate software such as Sogou Pinyin, Tencent QQ, and WPS Office.
command-and-control (2)
Chinese developers have created a new command-and-control (C2) framework with features and functionality similar to Cobalt Strike and Sliver. The new framework is called Manjusaka.
Cisco Talos researchers have discovered the C2 framework in the wild running in parallel with Cobalt Strike. The initial investigation began with a Cisco Talos response to a Cobalt Strike beacon detection; the beacon had been installed from a malicious Microsoft Word document, which was sent as an email attachment.