Official forum for Utopia Community

You are not logged in.

#1 2023-04-07 22:33:19

Registered: 2023-01-25
Posts: 1,736

Microsoft files a lawsuit to stop cybercriminals from using the Cobalt

Microsoft announced that it is working with Fortra and the Health Information Sharing and Analysis Center (Health-ISAC) to target cybercriminals who are abusing Cobalt Strike to distribute malware, including ransomware.

To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it has been ordered by a US court to "delete illegal legacy copies of Cobalt Strike so they can no longer be used by cybercriminals".

Although Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool for simulating adversaries, illegally hacked versions of the software have been destroyed by threat actors over the years. In particular, ransomware attackers use Cobalt Strike to escalate privileges, move laterally across networks, and deploy file-encrypting malware after first gaining access to a target's environment. "The ransomware family linked to or deployed with hacked copies of Cobalt Strike has been linked to more than 68 ransomware attacks affecting healthcare organizations in more than 19 countries around the world," said DCU Director General Amy Hogan-Burney. By compromising older copies of Cobalt Strike and using compromised Microsoft software, the goal is to prevent attacks and force adversaries to rethink their tactics, the company added.

Redmond also indicated that nation-state groups linked to operations in Russia, China, Vietnam and Iran are abusing Cobalt Strike, adding that they discovered malicious infrastructure enabling Cobalt Strike around the world, including in China, the US and Russia. The legal crackdown comes months after Google Cloud found 34 different hacked versions of the Cobalt Strike tool in the wild in an effort to "make it harder for bad guys to exploit."


Board footer

Powered by FluxBB