
A collaborative effort led by Microsoft’s Digital Crimes Unit (DCU), Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) has sharply reduced the availability of cracked, unauthorized copies of Cobalt Strike, the commercial adversary-simulation tool that ransomware operators routinely repurpose as a post-exploitation framework. Since 2023, this coalition has run a sustained campaign against cybercriminals abusing cracked copies of the software, culminating in an 80% reduction in observed illicit Cobalt Strike instances.
“Over the past two years, the number of unauthorized copies of Cobalt Strike observed in the wild has decreased by 80%, drastically reducing availability to cybercriminals,” Fortra wrote on their blog. This reduction translates to fewer opportunities for ransomware deployment and other malicious activities, particularly targeting critical sectors like healthcare.
The initiative’s success rests on a multi-pronged approach combining legal, technical, and collaborative strategies. Notably, Fortra played a pivotal role in Operation MORPHEUS, a three-year investigation led by the UK’s National Crime Agency. In that global operation, IP addresses hosting unauthorized Cobalt Strike infrastructure were reported to the hosting and online service providers responsible for them, and most were taken offline. “A total of 690 IP addresses were flagged to online service providers in 27 countries. In total, 593 of these addresses were taken down,” Fortra confirms.
Beyond takedowns, the coalition has focused on shortening how long a cracked Cobalt Strike server stays reachable once it has been spotted. “Additionally, the average dwell time—the period between initial detection and takedown—has been reduced to less than one week in the United States and less than two weeks worldwide,” Fortra reveals. Note that Fortra uses “dwell time” here in the sense of detection-to-takedown for a malicious server, not in the more common incident-response sense of how long an intruder remains undetected inside a victim network. Either way, a shorter window means a cracked team server can support fewer intrusions before its operators are forced to stand up new infrastructure.
Fortra emphasizes its commitment to ongoing takedown efforts, including continuous monitoring and automation. “Our campaign to combat the malicious use of unauthorized Cobalt Strike copies is ongoing and evolving,” the company asserts. Fortra is also actively participating in initiatives like the Pall Mall Process, a UK- and France-led multilateral effort to curb the proliferation and irresponsible use of commercial cyber intrusion capabilities.
Recognizing that any capable red team tool is equally attractive to attackers, Fortra is also focused on strengthening the product’s own security controls. “Just as cybercriminals adapt their techniques, Fortra continuously updates Cobalt Strike’s security controls to thwart cracking attempts and protect legitimate users,” they explain. Moreover, by sharing its disruption techniques through conferences and webinars, Fortra aims to equip the broader security community to do the same.
“Collaboration is essential in advancing cybersecurity overall,” Fortra states, acknowledging the critical contributions of Microsoft DCU, Health-ISAC, and other partner organizations.