Security News > 2024 > July > Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown

Europol just announced that a week-long operation at the end of June dropped nearly 600 IP addresses that supported illegal copies of Cobalt Strike.

"Used as a foothold, it has proven to be highly effective at providing a persistent backdoor to victims, facilitating intrusions of all forms. This disruption is to be welcomed, removing Cobalt Strike infrastructure used by criminals is always a good thing."

"However, it is important to address the longstanding stance of Cobalt Strike under previous ownership, regarding its restrictions to purchase a license for cybersecurity vendors. Many cybersecurity vendors believe this decision has inadvertently fostered a precarious environment where cybercriminals exploit cracked versions of Cobalt Strike for malicious activities and vendors are not able to defend against its misuse."

"Although these new measures are a very good step in the right direction, we are eager to do more. This situation underscores the need for more integral collaborative efforts to protect organizations against the abuse of Cobalt Strike. We call on Cobalt Strike to reconsider its policies and collaborate with cybersecurity vendors to enhance products and combat the misuse of these powerful tools."

Operation Morpheus's efforts come just over a year after Microsoft, Fortra, and Health-ISAC took a case to court, getting legal permission to take down various IP addresses it located that hosted cracked versions of Cobalt Strike.

Since Fortra bought Cobalt Strike in 2020, it has made strides in ensuring criminals don't get access to legitimate versions of its tools.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown/