
Law enforcement agencies shut down illegal versions of Cobalt Strike

Cobalt Strike is a penetration testing tool, but criminals have been pirating the software to launch cyberattacks for over a decade.

An international operation has eliminated hundreds of malicious versions of the Cobalt Strike software used by criminals to carry out cyber attacks.

Cobalt Strike is a penetration testing tool used to check for vulnerabilities in networks to improve cybersecurity. It is legitimate software, but criminals have been using pirated and unlicensed versions of the software for years for malicious activities, such as infiltrating corporate networks and deploying ransomware.

The legal versions of the software also come with various tools, free training manuals and videos that make it easier for criminals to learn how to use the software for their own purposes.

To solve this problem, which had existed for more than a decade, an international task force led by the UK’s National Crime Agency (NCA) set out to disrupt 690 individual instances of the malicious Cobalt Strike software located at 129 Internet service providers in 27 countries.

This disruption came after more than two and a half years of collaboration between law enforcement and private industry aimed at identifying these malicious forms of the software.

The disruption took place last week, and the NCA said 593 of the 690 instances had been resolved by the end of the week.

“Although Cobalt Strike is legitimate software, cybercriminals have unfortunately exploited it for nefarious purposes,” said Paul Foster, NCA Director of Threat Intelligence. “Illegal versions of it have helped lower the barrier to entry into cybercrime, making it easier for online criminals with little or no technical expertise to launch damaging ransomware and malware attacks.”

“Such attacks can cost companies millions in losses and recovery points.”

According to the NCA, illegal versions of Cobalt Strike have been used in some of the largest cyberattacks in recent times and are linked to the RYUK, Trickbot and Conti cyberattacks.

“International disruptions like this are the most effective way to disrupt the most damaging cybercriminals by depriving them of the tools and services that underpin their operations,” Foster said.

The NCA was also involved in the major operation that led to the dismantling of the LockBit ransomware gang earlier this year.
