Story of new Attack Framework
Attack frameworks are becoming prevalent across the threat landscape. Adversarial frameworks consist of a command and control tool and custom Remote Administration Tools that can be employed by various threat actors in their campaigns. As defenders, it is important to keep track of offensive frameworks so that enterprises can effectively defend against attacks employing these tools.
In this presentation, I will talk about the Cisco Talos discovery in the wild of new attack frameworks known as Manjusaka and Alchimist, which consist of command and control tools and Remote Administration Tools that contain all the features one would expect from an implant. These tools are written in the most modern and portable programming languages to target Windows, MacOSX and more exotic flavors of Linux operating systems. The fact that the developer made a fully functional version of the C2 available increases the chances of wider adoption of this framework by malicious actors.
Chetan Raghuprasad
Chetan Raghuprasad is a Threat Researcher with the Cisco Talos Intelligence Group, focusing on hunting the latest threats and campaigns in the threat landscape using telemetry data and OSINT, reversing malware to uncover its TTPs and identify the actor’s motive, and performing classification and attribution. Chetan also represents Cisco Talos publicly by publishing his research in Talos blogs and speaking at IT conferences around the world.
Chetan Raghuprasad has 14 years of experience in the information security sector, having worked in cyber incident response, digital forensics, and cyber threat research at financial institutions, consulting and technology companies.