NCA’s Operation Morpheus targets illicit Cobalt Strike use


International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes

By Alex Scroxton, Security Editor

Published: 03 Jul 2024 20:37

The UK’s National Crime Agency (NCA), together with partner agencies from around the world, including the FBI and agencies from Australia, Canada and the European Union, has undertaken a series of enforcement actions against users of the Cobalt Strike penetration testing tool who were exploiting it to enable cyber criminal activity.

Operation Morpheus took action last week against 690 individual instances of Cobalt Strike held at 129 internet service providers (ISPs) in almost 30 countries. At the time of writing, the NCA’s coalition has been successful in neutralising 593 of these malicious instances through a combination of taking down servers themselves, and notifying ISPs that they are hosting malware to get them to take action.

Though Cobalt Strike is sold and used legitimately by many – it is, in fact, owned at present by Fortra – over the years since its creation by developer Raphael Mudge it has also become the go-to tool for cyber criminals seeking to build a cyber attack.

For such actors, it is relatively easy to procure pirated or unlicensed versions, or crack older versions, of Cobalt Strike and exploit its capabilities to quickly infiltrate their victims’ IT systems and networks and conduct ransomware and other cyber attacks.

As such, said the NCA, illicit versions of Cobalt Strike have been used in some of the biggest cyber attacks of recent years, as well as by multiple ransomware gangs, including the likes of Ryuk and Conti.

“Although Cobalt Strike is a legitimate piece of software, sadly cyber criminals have exploited its use for nefarious purposes,” said the NCA’s director of threat leadership, Paul Foster. “Illegal versions of it have helped lower the barrier of entry into cyber crime, making it easier for online criminals to unleash damaging ransomware and malware attacks with little or no technical expertise. Such attacks can cost companies millions in terms of losses and recovery.

“International disruptions like these are the most effective way to degrade the most harmful cyber criminals, by removing the tools and services which underpin their operations. I would urge any businesses that may have been a victim of cyber crime to come forward and report such incidents to law enforcement.”

How do I stop Cobalt Strike being used against me?

In common with many tools used by cyber criminals, the chief weapon that IT and security pros can use against Cobalt Strike is to pay attention to the basics of cyber security hygiene and communicate these around their organisation.

Cobalt Strike usually arrives via a spear phishing or spam email attempting to get the potential victim to click on a link or open a malicious attachment – which then installs a Cobalt Strike beacon, giving the cyber criminal remote access to the compromised system so that they can get to work. Therefore, implementing and enforcing email security measures and policies is the first and best option.

Additionally, Fortra has further committed to continuing to work with law enforcement and the security industry to identify and remove older versions of the software from the internet.
