Microsoft, Fortra & Health-ISAC Team Up to Remove Illicit Cobalt Strike Tools
The effort aims to disrupt the use of altered Cobalt Strike software by cybercriminals in ransomware and other attacks.
Microsoft's Digital Crimes Unit (DCU), security software vendor Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have joined forces to remove cracked legacy copies of Cobalt Strike by way of legal and technical action.
Using dated and maliciously altered versions of the Cobalt Strike software, threat actors have targeted healthcare organizations in nearly 70 ransomware attacks in 19 countries.
Cobalt Strike, sold by Fortra, is a reputable and popular post-exploitation security tool, but its older versions have become a favorite for cybercriminals to employ in nefarious activities. Pulling these legacy copies globally is a new approach for Microsoft's DCU, and it's aimed at cutting off the threat at the source: illegal distribution of compromised, malicious software.
"While this action will impact the criminals' immediate operations, we fully anticipate they will attempt to revive their efforts. Our action is therefore not one and done," Microsoft stated in a blog post. "Through ongoing legal and technical action, Microsoft, Fortra and Health-ISAC, along with our partners, will continue to monitor and take action to disrupt further criminal operations, including the use of cracked copies of Cobalt Strike."