Security News > 2023 > April > Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike

Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.

The US District Court for the Eastern District of New York on March 31 issued a court order allowing Microsoft and Fortra to take down IP addresses that are hosting cracked versions of Cobalt Strike and seize the domain names.

"Instead of disrupting the command and control of a malware family, this time, we are working with Fortra to remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals."

Fortra developed Cobalt Strike more than a decade ago as a legitimate penetration tool used to simulate adversary actions.

Ransomware families known to use cracked copies of Cobalt Strike were linked to almost 70 attacks against healthcare organizations in more than 19 countries, according to Microsoft.

Fortra has taken steps to slow the abuse of its Cobalt Strike tool, including vetting, but it's difficult to control what miscreants do with older illegal copies of the software.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/10/microsoft_fortra_cobalt_strike/