THREATOPS
THREAT OPSThreat News › CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks

CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks

lowjpcert_blogPublished 2025-08-14

<p>From September to December 2024, JPCERT/CC has confirmed incidents involving CrossC2, the extension tool to create Cobalt Strike Beacon for Linux OS. The attacker employed CrossC2 as well as other tools such as PsExec, Plink, and Cobalt Strike in attempts to penetrate AD. Further investigation revealed that the attacker used custom malware (hereafter referred to as <strong>"ReadNimeLoader"</str

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://blogs.jpcert.or.jp/en/2025/08/crossc2.html