Microsoft Takes Legal Action to Disrupt Cybercriminals’ Illegal Use of Cobalt Strike Tool

April 7, 2023 | Rabbi Lakshmanan

Microsoft said it is working with Fortra and the Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware.

To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it has secured a court order in the United States to “remove illegal legacy copies of Cobalt Strike so that they cannot be used by cybercriminals.”

Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool used to simulate attackers, but illegal cracked versions of the software have been weaponized by attackers over the years.

In particular, after gaining initial access to a target environment, ransomware attackers are leveraging Cobalt Strike to escalate privileges, move across networks, and deploy file-encrypting malware.

“The ransomware family associated with or deployed with cracked copies of Cobalt Strike has been linked to more than 68 ransomware attacks affecting healthcare organizations in more than 19 countries around the world,” said Amy Hogan-Burney, DCU General Manager.

By interfering with the use of legacy copies of Cobalt Strike and compromised Microsoft software, the goal is to deter attacks and force attackers to rethink their tactics, the company added.

Redmond further pointed to the exploitation of Cobalt Strike by nation-state groups working in concert with Russia, China, Vietnam, and Iran, and added that it found malicious infrastructure hosting Cobalt Strike around the world, including in China, the United States, and Russia.

The legal crackdown comes months after Google Cloud identified 34 hacked release versions of the Cobalt Strike tool in an attempt to “make it more difficult for the bad guys to exploit.”
