593 pirated servers of the attack emulation tool 'Cobalt Strike' exploited by cybercriminals have been shut down and weakened



'Cobalt Strike' is a tool developed by security company Fortra (formerly known as HelpSystems), whose main purpose is to emulate cyber attacks and discover security flaws. Pirated versions of Cobalt Strike were being distributed and exploited by cybercriminals, but an international team led by the UK's National Crime Agency (NCA) successfully shut down 593 'pirated Cobalt Strike servers.'

National Crime Agency leads international operation to degrade illegal versions of Cobalt Strike - National Crime Agency
https://www.nationalcrimeagency.gov.uk/news/national-crime-agency-leads-international-operation-to-degrade-illegal-versions-of-cobalt-strike

Cobalt Strike is a paid security tool developed by Fortra, and has advanced functions such as 'infiltrating the system,' 'obtaining keyboard input,' 'obtaining screenshots,' 'downloading arbitrary files,' and 'hiding attack communications.' By using Cobalt Strike, users can discover flaws in their security systems and strengthen their countermeasures.



Cobalt Strike is software that was developed to enhance security, but since the late 2010s, pirated versions of Cobalt Strike have circulated among cybercriminals and have been used in attacks. Cobalt Strike comes with detailed support information, including videos explaining how to use it, so it has become widely used by cybercriminals as an 'easy-to-use attack tool.' Cyberattacks using pirated Cobalt Strike have been reported one after another, and there have been reports of cybercriminals associated with the Chinese government using pirated Cobalt Strike.

Is there evidence that Chinese government hackers are strategically stealing information from Taiwan's semiconductor industry? - GIGAZINE



Cybercriminals who exploit pirated versions of Cobalt Strike set up 'servers containing pirated versions of Cobalt Strike' on the Internet and lure targets to those servers to carry out cyber attacks. NCA cooperated with the Federal Bureau of Investigation (FBI), the Australian Federal Police, the Royal Canadian Mounted Police, the German Federal Criminal Office, the Dutch National Police, and the Polish Central Office for Cybercrime Prevention to carry out an operation to shut down 'servers containing pirated versions of Cobalt Strike.'

The team took action against 690 servers located at 129 Internet service providers in 27 countries, and successfully shut down 593 servers in the week beginning June 24, 2024.

'Removing the tools and services that support cybercriminals' activities is the most effective way to weaken them,' said Paul Foster, head of the NCA's cybercrime division, emphasizing the effectiveness of the server shutdown operation.

In addition, Fortra, the developer of Cobalt Strike, has indicated that it will continue to cooperate with law enforcement agencies to eliminate pirated versions.

in Security, Posted by log1o_hf