New Cobalt Strike bugs allow takedown of attackers’ servers
2021-08-04 13:00

Security researchers have discovered Cobalt Strike denial of service vulnerabilities that allow blocking beacon command-and-control communication channels and new deployments.

Cobalt Strike is also used by threat actors for post-exploitation tasks after deploying so-called beacons, which provide them with persistent remote access to compromised devices.

Since Cobalt Strike is also heavily used by threat actors for various nefarious purposes, law enforcement and security researchers can also employ the Hotcobalt vulnerabilities to take down malicious infrastructure.

On April 20, SentinelLabs disclosed the vulnerabilities to Cobalt Strike's parent company HelpSystems, which addressed them in Cobalt Strike 4.4, released earlier today.

As Advanced Intel's Vitali Kremez told BleepingComputer at the time, the leak was most likely the re-compiled source code of the 2019 Cobalt Strike 4.0 version.

While BleepingComputer contacted Cobalt Strike and their parent company HelpSystems to confirm the source code's authenticity when the leak was discovered, we haven't heard back.


News URL

https://www.bleepingcomputer.com/news/security/new-cobalt-strike-bugs-allow-takedown-of-attackers-servers/