Summary: The presence of unauthorized copies of the penetration testing tool Cobalt Strike has plummeted by 80% over the past two years due to a global initiative led by Microsoft, Fortra, and Health-ISAC. This operation, known as “Morpheus,” has significantly disrupted the infrastructure used by cybercriminals, making these illicit versions less accessible. The collaboration with international law enforcement has bolstered the efforts to dismantle the command-and-control networks exploiting Cobalt Strike.
Affected: Cobalt Strike, Microsoft, Fortra, Health Information Sharing and Analysis Center
Keypoints:
- Unauthorized Cobalt Strike copies decreased 80% following a global crackdown.
- Operation “Morpheus” resulted in the takedown of 690 malicious IP addresses across 27 countries.
- Collaboration between Microsoft and law enforcement has improved response time for takedowns, with an average dwell time now under one week in the U.S.
- Abuse of Cobalt Strike has been linked to various ransomware attacks, notably those targeting healthcare and government institutions.
- The initiative underscores the effectiveness of joint efforts in the fight against cybercrime.
Source: https://therecord.media/malicious-cobalt-strike-use-down