Europol announced that a week-long operation in late June shut down nearly 600 IP addresses supporting illegal Cobalt Strike copies.
A coordinated cross-border investigation codenamed ‘Operation Morpheus’, initiated in 2021 and led by the U.K. National Crime Agency in collaboration with law enforcement authorities from Australia, Canada, Germany, the Netherlands, Poland, and the U.S., with additional support from Bulgarian, Finnish, Lithuanian, Japanese and South Korean officials, has announced a global takedown of around 600 Cobalt Strike servers misused by criminal groups for illegal purposes.
“Older, unlicensed versions of the Cobalt Strike red teaming framework were targeted by the crackdown, between June 24 and June 28”, according to Europol.
The operation also involved law enforcement agencies teaming up with multiple private sector companies, flagging around 690 IP addresses known as Cobalt Strike servers used by malicious actors and then passing this information to online service providers in 27 countries.
As of now, 590 of these IPs are no longer accessible. Although Cobalt Strike is legitimate software, developed by the vendor Fortra, that helps identify weaknesses in security operations and incident response, attackers misuse it to carry out illegitimate activities.
“The unlicensed versions of this tool have been linked to several malware and ransomware investigations into Ryuk, Trickbot, and Conti”, the agency has said.
Even though Fortra has partnered with law enforcement agencies to protect the legitimate use of its tools, cybercriminals have cracked older versions of the tool and used them to gain backdoor access to machines and deploy malware onto them.