Europol Cracks Down on Criminals Exploiting Cobalt Strike Tool

Europol, in collaboration with the private sector, has dismantled numerous unlicensed versions of Fortra’s Cobalt Strike red teaming tool.

Although Cobalt Strike is intended for legitimate security testing, unauthorized copies have been linked to malware and ransomware investigations, writes CyberNews*.

Operation MORPHEUS, a four-day effort involving international authorities, resulted in the takedown of 593 IP addresses out of 690 flagged. The IP addresses were linked to a range of domain names used by hacker groups and were flagged for online service providers to disable unlicensed versions of the tool, Europol said. Fortra, the tool’s developer, has taken steps to prevent further abuse.

This is yet another reminder of the importance of being vigilant against phishing attacks, as this software is designed to begin with a spear-phishing email.

Criminal and ethical hackers often use similar or even the same tools to test security and exploit vulnerabilities. Illegal versions of Cobalt Strike have made it even easier for individuals with little to no technical expertise to launch devastating ransomware and malware attacks, which can result in substantial financial losses for companies.

The NCA’s operation, working alongside international agencies, proves that a collaborative approach can be fortuitous in taking down or at least displacing criminal networks, making it harder for illegal activity to thrive.

by Jake Moore, ESET

*ESET does not bear any responsibility for the accuracy of this information.

