Law enforcement authorities take down 593 Cobalt Strike servers
During operation MORPHEUS, law enforcement authorities from numerous countries were able to take down 593 servers that were linked to Cobalt Strike.
Cobalt Strike is a red teaming tool developed for cybersecurity experts to identify weaknesses in corporate networks. However, unlicensed versions of the software are often used by hackers to infiltrate victims’ networks.
Fortra, the company that developed Cobalt Strike, has taken steps to prevent the abuse of its software. Hackers and cybercriminals have created cracked copies of the software to create backdoors and deploy malware. These unlicensed versions have been connected to numerous malware and ransomware investigations, including Ryuk, Trickbot and Conti.
Between June 24 and 28, Europol coordinated an operation involving law enforcement authorities from Australia, Canada, Germany, the Netherlands, Poland and the United States, together with the private sector. The goal of operation MORPHEUS was to take down as many illegal Cobalt Strike servers as possible.
Europol and the involved authorities were able to flag 690 IP addresses to online service providers in 27 countries. By the end of the week, 593 Cobalt Strike servers were taken down.
“The disruption does not end here. Law enforcement will continue to monitor and carry out similar actions as long as criminals keep abusing older versions of the tool,” Europol says in a statement.
The operation was led by the National Crime Agency (NCA), a law enforcement agency from the United Kingdom. Paul Foster, Director of Threat Leadership at the NCA, explains why it is of the utmost importance to take down as many illegal Cobalt Strike servers as possible:
“Illegal versions of it have helped lower the barrier of entry into cybercrime, making it easier for online criminals to unleash damaging ransomware and malware attacks with little or no technical expertise. Such attacks can cost companies millions in terms of losses and recovery.”
Foster calls international disruptions like operation MORPHEUS ‘the most effective way’ to weaken hackers and cybercriminals.