Nearly 600 of almost 700 Cobalt Strike servers across 27 countries leveraged for cybercrime have been dismantled during the last week of June as part of the years-long Europol-coordinated international law enforcement effort dubbed "Operation Morpheus," which also involved the U.S., Canada, Australia, Poland, Germany, and the Netherlands, according to Security Affairs.
Such an operation — which was conducted with the cooperation of Trellix, BAE Systems, The Shadowserver Foundation, and other private sector organizations — entailed the usage of the Malware Information Sharing Platform that allowed the sharing of more than 730 pieces of threat intelligence with nearly 1.2 million indicators of compromise since 2021, said Europol. Attackers were noted by Europol to be undeterred in exploiting older versions of Cobalt Strike despite the intensified efforts of the red teaming tool provider Fortra in combating such an abuse. "Such unlicensed versions of the tool have been connected to multiple malware and ransomware investigations, including those into RYUK, Trickbot, and Conti," Europol added.
Ransomware, Malware
Illicit Cobalt Strike servers disrupted in global crackdown
Share
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Related Terms
AdwareGet daily email updates
SC Media's daily must-read of the most current and pressing daily news