Security News > 2023 > April > Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware.

While Cobalt Strike, developed and maintained by Fortra, is a legitimate post-exploitation tool used for adversary simulation, illegal cracked versions of the software have been weaponized by threat actors over the years.

"The ransomware families associated with or deployed by cracked copies of Cobalt Strike have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world," Amy Hogan-Burney, general manager of DCU, said.

By disrupting the use of legacy copies of Cobalt Strike and compromised Microsoft software, the goal is to hinder the attacks and force the adversaries to rethink their tactics, the company added.

Redmond further noted the misuse of Cobalt Strike by nation-state groups whose operations align with that of Russia, China, Vietnam, and Iran, adding it detected malicious infrastructure hosting Cobalt Strike across the globe, counting China, the U.S., and Russia.

The legal crackdown comes months after Google Cloud identified 34 different hacked release versions of the Cobalt Strike tool in the wild in an attempt to "Make it harder for bad guys to abuse."

News URL

https://thehackernews.com/2023/04/microsoft-takes-legal-action-to-disrupt.html