Microsoft Takes Legal Action to Disrupt Cybercriminals’ Illegal Use of Cobalt Strike Tool

Cyber Security

Apr 07, 2023Ravie Lakshmanan

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware.

To that end, the tech giant’s Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to “remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals.”

While Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool used for adversary simulation, illegal cracked versions of the software have been weaponized by threat actors over the years.

Ransomware actors, in particular, have leveraged Cobalt Strike after obtaining initial access to a target environment to escalate privileges, lateral move across the network, and deploy file-encrypting malware.

“The ransomware families associated with or deployed by cracked copies of Cobalt Strike have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world,” Amy Hogan-Burney, general manager of DCU, said.

By disrupting the use of legacy copies of Cobalt Strike and compromised Microsoft software, the goal is to hinder the attacks and force the adversaries to rethink their tactics, the company added.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter – Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don’t Miss Out – Save Your Seat!

Redmond further noted the misuse of Cobalt Strike by nation-state groups whose operations align with that of Russia, China, Vietnam, and Iran, adding it detected malicious infrastructure hosting Cobalt Strike across the globe, counting China, the U.S., and Russia.

The legal crackdown comes months after Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild in an attempt to “make it harder for bad guys to abuse.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Samsung Galaxy Unpacked Event for Galaxy Z Fold 5, Galaxy Z Flip 5 Said to Take Place in South Korea
Samsung Confirms Camera Blur Issue on Galaxy S23 and Galaxy S23+, Says a Fix Is on the Way
Elon Musk’s Neuralink Worth $5 Billion Based on Private Stock Trades
Twitter Blue Extends Timeline for Subscribers to Edit Published Tweets to 60 Minutes: Details
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App