Security

Almost 600 Malicious Cobalt Strike Instances Taken Down After Europol and UK NCA Operation

By Lore Apostol / July 4, 2024
EU Headquarters

A disruptive action led by the UK National Crime Agency and coordinated by Europol flagged 690 IP addresses associated with Cobalt Strike criminal activity to 129 online service providers in 27 countries between June 24 and 28. By the end of the week, 593 of these addresses had been taken down.

This action was part of Operation Morpheus and represents the apex of an elaborate investigation started in 2021. It targeted older, unlicensed versions of the penetration testing tool that checks for vulnerabilities in a company’s network and helps improve cybersecurity, which hackers abused to conduct cyberattacks.

Law enforcement notified service providers of known IP addresses associated with instances of malicious Cobalt Strike software and several domains used by cybercriminal groups.

Since the mid-2010s, cybercriminals have been downloading pirated and unlicensed versions of pen-testing software from illegal marketplaces and the Dark Web. 

Legal Cobalt Strike versions offer tools, guides, and videos that threat actors easily exploit for cyberattacks. These make for a great network intrusion tool that helps deploy ransomware at speed and scale without requiring much sophistication or money.

Authorities participating in the investigation were the Australian Federal Police (AFP), the Royal Canadian Mounted Police (RCMP), the German Federal Criminal Police Office, The Netherlands National Police, the Polish Central Cybercrime Bureau, the U.K. National Crime Agency (NCA), and the U.S. Department of Justice and Federal Bureau of Investigation (FBI).

Authorities from Bulgaria, Estonia, Finland, Lithuania, Japan, and South Korea also supported the disruption activity.


Add a Comment
Related Posts

Suspected Chinese Hacker Group Used Open-Source Rootkits for Espionage


June 20, 2024

New Ransomware Exploits Compromised VPNs to Target US Education and Recreation Sectors


June 7, 2024

Cybercriminals Distribute Various Malware Strains via Torrented Versions of MS Office and Windows


May 31, 2024

Cybercriminal Gang UNC3944 Runs VMs Inside Victims' Infrastructure via vSphere and Azure


June 17, 2024

EU Sanctions Six Russian Hackers Connected to Conti, Trickbot, and Other Malware


June 26, 2024

‘WeSteal’ Commodity Malware Is Hot Among Crypto-Grabbers


April 30, 2021

© TechNadu 2024. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: