
Illicit Cobalt Strike servers disrupted in global crackdown

Nearly 600 of almost 700 Cobalt Strike servers across 27 countries that were leveraged for cybercrime were dismantled during the last week of June as part of the years-long, Europol-coordinated international law enforcement effort dubbed "Operation Morpheus," which also involved the U.S., Canada, Australia, Poland, Germany, and the Netherlands, according to Security Affairs.

The operation, which was conducted with the cooperation of Trellix, BAE Systems, The Shadowserver Foundation, and other private sector organizations, involved the use of the Malware Information Sharing Platform, which has allowed the sharing of more than 730 pieces of threat intelligence with nearly 1.2 million indicators of compromise since 2021, said Europol. Europol noted that attackers remained undeterred in exploiting older versions of Cobalt Strike despite intensified efforts by Fortra, the provider of the red teaming tool, to combat such abuse. "Such unlicensed versions of the tool have been connected to multiple malware and ransomware investigations, including those into RYUK, Trickbot, and Conti," Europol added.