CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks

ID: bc009d1c-9b33-5851-9aad-7be1b3c6d240

STIX ID: report--bc009d1c-9b33-5851-9aad-7be1b3c6d240

Feed Name: JPCERT Blog

Threat Score: 78/100

Date Published: 2025-08-14

Date Updated: 2026-04-19

Author: 増渕 維摩(Yuma Masubuchi)

JPCERT/CC reports a multi-country intrusion campaign (Sep–Dec 2024) that leveraged CrossC2 to create cross-platform Cobalt Strike Beacons and used a custom Nim-based loader (ReadNimeLoader) to sideload and execute Cobalt Strike payloads (via OdinLdr) on Windows and Linux/macOS targets. The attackers also used SystemBC, PsExec, Plink and AD-focused tooling. The report lists numerous IOCs (hashes, IPs, domains) and offers a CrossC2 configuration parser to aid defenders; its attribution potentially links the activity to BlackBasta.