Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
2022-11-21 05:42

Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012.

The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence team.

The latest version of Cobalt Strike is version 4.7.2.

Cobalt Strike, developed by Fortra, is a popular adversarial framework used by red teams to simulate attack scenarios and test the resilience of their cyber defenses.

"While the intention of Cobalt Strike is to emulate a real cyber threat, malicious actors have latched on to its capabilities, and use it as a robust tool for lateral movement in their victim's network as part of their second-stage attack payload," Greg Sinclair, a reverse engineer at Google's Chronicle subsidiary, said.

The idea is to "excise the bad versions while leaving the legitimate ones untouched," Sinclair said, adding, "Our intention is to move the tool back to the domain of legitimate red teams and make it harder for bad guys to abuse."


News URL

https://thehackernews.com/2022/11/google-identifies-34-cracked-versions.html
