Sequretek Advisory - Alchimist Attack Framework

A newly discovered Chinese-language command-and-control (C2) attack framework, Alchimist, is being used in attacks against Windows, Linux and macOS systems. It ships with a new implant, named Insekt, that provides remote administration capabilities.

• Cisco Talos researchers discovered a new attack framework built around a C2 server called Alchimist, whose web interface is in simplified Chinese, together with a new implant, Insekt, that offers remote administration capabilities.

• The framework resembles Manjusaka, a separate tool that Cisco Talos documented in August 2022: both are distributed as a single file that bundles the implant and the web interface, and both present a Chinese-language interface. The two differ in how they are implemented.

• Both the Alchimist server and the Insekt implant are written in Go (GoLang), which makes it straightforward for the operator to cross-compile the implant for all three targeted platforms from a single code base.

• The campaign also deploys additional bespoke tools, including a macOS exploitation tool and a custom backdoor, alongside off-the-shelf utilities such as reverse proxies.

