Cybersecurity

Microsoft Takes Legal Action to Interfere with Cybercriminals’ Use of Cobalt Strike Tool


April 07, 2023Ravie Lakshmanan

Microsoft said it was working closely with Fortra and the Health Information Sharing and Analysis Center (Health-ISAC) to address cybercriminals’ misuse of Cobalt Strike to distribute malware, including ransomware.

To that end, the tech giant’s Digital Crimes Unit (DCU) revealed that they secured a court order in the US to “delete old, illegal copies of Cobalt Strike so that they can no longer be used by cybercriminals.”

While Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploit tool used for enemy simulation, illegal cracked versions of the software have been weaponized by threat actors for years.

Ransomware perpetrators, in particular, have taken advantage of Cobalt Strike after gaining initial access to a target environment to escalate privileges, move across networks, and spread file-encrypting malware.

Cobalt Attack
Cobalt Attack

“The family of ransomware associated with or spread by cracked copies of Cobalt Strike has been linked to more than 68 ransomware attacks that affected healthcare organizations in more than 19 countries worldwide,” Amy Hogan-Burney, general manager of DCU, said.

By interfering with the use of older copies of Cobalt Strike and compromised Microsoft software, the goal is to deter attacks and force adversaries to rethink their tactics, the company added.

UPCOMING WEBINARS

Learn to Secure Identity Perimeters – A Proven Strategy

Improve your business security with our upcoming cybersecurity webinar led by our experts: Explore the Identity Perimeter strategy!

Don’t Miss It – Save Your Seat!

Redmond further noted the misuse of Cobalt Strike by a group of nation-states whose operations align with Russia, China, Vietnam, and Iran, adding it detected malicious infrastructure hosting Cobalt Strike around the world, including China, the US, and Russia.

The legal action comes months after Google Cloud identified 34 hacked release versions of the Cobalt Strike tool in the wild in an effort to “make it harder for bad guys to abuse.”

Found this article interesting? Follow us on Twitter And LinkedIn to read more exclusive content we post.





Source link

Related Articles

Back to top button