NCA’s Operation Morpheus targets illicit Cobalt Strike use

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

NCA’s Operation Morpheus targets illicit Cobalt Strike use

The ***’s

This is the hidden content, please

• Sign In
• or
• Sign Up

(NCA), together with partner agencies from around the world, including the FBI and agencies from Australia, Canada and the

This is the hidden content, please

• Sign In
• or
• Sign Up

, has undertaken a series of enforcement actions against users of the Cobalt Strike ************ testing tool who were exploiting it to enable cyber ********* activity.

Operation Morpheus took action last week against 690 individual instances of Cobalt Strike held at 129 internet service providers (ISPs) in almost 30 countries. At the time of writing, the NCA’s coalition has been successful in neutralising 593 of these malicious instances through a combination of taking down servers themselves, and notifying ISPs that they are hosting malware to get them to take action.

Though Cobalt Strike is sold and used legitimately by many – it is in fact owned at present by

This is the hidden content, please

• Sign In
• or
• Sign Up

– over the years since its creation by developer Raphael Mudge it has also become the go-to tool for cyber ********** seeking to build a cyber *******.

For such actors, it is relatively easy to procure pirated or unlicensed versions, or ****** older versions, of Cobalt Strike and exploit its capabilities to quickly infiltrate their victims’ IT systems and networks and conduct ransomware and other cyber attacks.

As such, said the NCA, illicit version of Cobalt Strike have been used in some of the biggest cyber attacks of recent years, as well as by multiple ransomware gangs including the likes of Ryuk and Conti.

“Although Cobalt Strike is a legitimate piece of software, sadly cyber ********** have exploited its use for nefarious purposes,” said NCA director of threat leadership, Paul Foster. “******** versions of it have helped lower the barrier of entry into cybercrime, making it easier for online ********** to unleash damaging ransomware and malware attacks with little or no technical expertise. Such attacks can cost companies millions in terms of losses and recovery.

“International disruptions like these are the most effective way to degrade the most harmful cyber **********, by removing the tools and services which underpin their operations. I would urge any businesses that may have been a victim of cyber ****** to come forward and report such incidents to law enforcement.”

How do I stop Cobalt Strike being used against me?

In common with many tools used by cyber **********, the chief ******* that IT and security ***** can use against Cobalt Strike is to pay attention to the basics of cyber security hygiene and communicate these around their organisation.

Cobalt Strike usually arrives via a

This is the hidden content, please

• Sign In
• or
• Sign Up

or spam email attempting to get the potential victim to click on a link or open a malicious attachment – which then installs a Cobalt Strike beacon giving the cyber ********* remote access to the compromised system so that they can get to work. Therefore implementing and enforcing email security

This is the hidden content, please

• Sign In
• or
• Sign Up

is the first and best option.

Additionally, Fortra has further committed to continuing to work with law enforcement and the security industry to identify and remove older versions of the software from the internet.

This is the hidden content, please

• Sign In
• or
• Sign Up

#NCAs #Operation #Morpheus #targets #illicit #Cobalt #Strike

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up