Europol takes down 593 Cobalt Strike servers used by cybercriminals
2024-07-03 14:46

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks.

"Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol's headquarters between 24 and 28 June," said Europol.

Ch, and The Shadowserver Foundation also offered their support during this international law enforcement operation, providing help via their enhanced scanning, telemetry, and analytical capabilities to identify Cobalt Strike servers used in cybercriminal campaigns.

In April 2023, Microsoft, Fortra, and the Health Information Sharing and Analysis Center also announced a broad legal crackdown on servers hosting cracked copies of Cobalt Strike, one of cybercriminals' primary hacking tools.

Attackers use Cobalt Strike during the post-exploitation attack stage to deploy beacons that provide persistent remote access to compromised networks and help steal sensitive data or drop additional malicious payloads.

In November 2022, the Google Cloud Threat Intelligence team also open-sourced a collection of indicators of compromise and 165 YARA rules to help defenders detect Cobalt Strike components in their networks.


News URL

https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/