Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware.
To that end, the tech giant’s Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to “remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals.”
While Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool used for adversary simulation, illegal cracked versions of the software have been weaponized by threat actors over the years.
By disrupting the use of legacy copies of Cobalt Strike and compromised Microsoft software, the goal is to hinder the attacks and force the adversaries to rethink their tactics, the company added.
Redmond further noted the misuse of Cobalt Strike by nation-state groups whose operations align with that of Russia, China, Vietnam, and Iran, adding it detected malicious infrastructure hosting Cobalt Strike across the globe, counting China, the U.S., and Russia.
The legal crackdown comes months after Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild in an attempt to “make it harder for bad guys to abuse.”
Source: https://thehackernews.com/
