Operation Morpheus

Carding Forum

Europol conducted "Morpheus", a coordinated operation between law enforcement agencies, during which almost 600 Cobalt Strike servers were taken down. The latter were used by cybercriminals to break into organizations' networks.

At the end of June, law enforcement officers managed to record IP addresses associated with malicious activity, as well as domain names that had become part of the attackers' infrastructure.

After collecting all the necessary data, the police handed it over to Internet service providers so that they could disable unlicensed versions of the tool. Europol writes in its notification:

"In the period between June 24 and 28, law enforcement agencies tried to stop the use of old and unlicensed versions of the Cobalt Strike pentest tool."

"A total of 690 IP addresses from 27 countries were linked to cybercrime activity. As a result of the operation, 593 servers were disabled."

Police officers from Australia, Canada, Germany, the Netherlands, Poland and the United States took part in Operation Morpheus. They were assisted by the National Crime Agency of the United Kingdom.

Specialists from BAE Systems Digital Intelligence, Trellix, Spamhaus and abuse.ch also offered their help in the fight against malicious servers.

• Source: https://www.europol.europa.eu/media...ction-against-criminal-abuse-of-cobalt-strike

----------

As a result of a large-scale international operation of law enforcement agencies, hundreds of illegal installations of the popular hacking tool Cobalt Strike were stopped. The National Crime Agency of the United Kingdom (NCA) reported that 690 IP addresses hosting malicious versions of this software were neutralized in 27 countries around the world.

Cobalt Strike, originally developed in 2012 as a pentest tool, has become a favorite tool of both government hackers and criminal groups specializing in ransomware attacks over the past decade. Despite the fact that the program is intended for legitimate purposes, it is very convenient for hacking networks. Unsurprisingly, pirated versions have spread all over the Internet.

Analysts note that Cobalt Strike is often used in phishing attacks to install "beacons" on victims' devices, which allows hackers to gain remote access to the system and collect information about it. Don Smith, vice president of threat research at Secureworks Counter Threats Unit, called the tool "the Swiss army knife of cybercriminals and government hackers" because of its versatility.

The operation to combat illegal use of Cobalt Strike included not only disabling servers, but also sending notifications to Internet service providers about the potential placement of malware on their resources. Paul Foster, the NCA's director of threats, emphasized that illegal versions of the program significantly lowered the threshold for entering cybercrime, allowing hackers to carry out destructive attacks with minimal technical skills.

Despite the success of the operation, experts warn that the threat remains urgent. According to Don Smith of Secureworks, while destroying criminals' infrastructure is certainly a big success, both criminal gangs and government hackers almost certainly have a backup plan in place for such situations.

Fortra, the current owner of Cobalt Strike, said it is ready to continue working with law enforcement agencies to identify and remove outdated versions of the program from the Internet. Initially, the NCA announced the release of a new version of the program with "enhanced security measures", but this statement was later withdrawn.

Despite Fortra's efforts to protect its product, criminals sometimes managed to gain access to older versions of Cobalt Strike. The attackers created hacked copies of the program, which they used for unauthorized entry into computer systems and distribution of malware. Law enforcement agencies have repeatedly encountered unlicensed versions of Cobalt Strike during investigations of major cyber attacks. In particular, this tool appeared in cases involving dangerous ransomware programs such as RYUK, Trickbot and Conti.

• Source: securitylab.ru/news/549804.php

• Source: therecord.media/cobalt-strike-law-enforcement-takedown

• Source: https://www.nationalcrimeagency.gov...-to-degrade-illegal-versions-of-cobalt-strike
 