Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Alchimist has a web interface in Simplified Chinese with remote administration features.
The attack framework is designed to target Windows, Linux and Mac machines.
Alchimist and Insekt binaries are implemented in GoLang.
This campaign also includes additional bespoke tools, such as a macOS exploitation tool and a custom backdoor, and multiple off-the-shelf tools such as reverse proxies.