1 min read

Europol Cracks Down on 'Pirates' Abusing Cobalt Strike


July 05, 2024

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Europol Cracks Down on 'Pirates' Abusing Cobalt Strike

Authorities have severed access to some 600 IP addresses known to abuse the notoriously efficient Cobalt Strike hacking tool, dealing a new blow to cybercrime.

Law enforcement in Australia, Canada, Germany, the Netherlands, Poland, and the United States joined the private sector to fight the abuse of the popular penetration testing tool Cobalt Strike.

A legitimate product

A threat emulation program, Cobalt Strike helps IT professionals discover and address vulnerabilities and system misconfigurations before the bad guys find them and exploit them.

Hackers notoriously target vulnerable organizations and, using unlicensed (cracked) copies of Cobalt Strike, penetrate the target’s network to steal data and deploy malware, not least of which ransomware.

Operation MORPHEUS

Between June 24 and 28, law enforcement flagged known IP addresses associated with criminal activity involving Cobalt Strike.

By the end of the week, 593 addresses had been taken down.

The investigation was led by the UK National Crime Agency and involved authorities from Australia, Canada, Germany, the Netherlands, Poland, and the United States.

Europol coordinated the activity and liaised with partners in the private sector.

“In rare circumstances, criminals have stolen older versions of Cobalt Strike, creating cracked copies to gain backdoor access to machines and deploy malware,” Europol explains. “Such unlicensed versions of the tool have been connected to multiple malware and ransomware investigations, including those into RYUK, Trickbot and Conti.”

The action marks the apex of an investigation dubbed Operation MORPHEUS, initiated in 2021.

Law enforcement used the Malware Information Sharing Platform to enable partners in the private sector to share real-time threat intelligence, producing over 730 pieces of information containing almost 1.2 million indicators of compromise.

Be proactive

Most Cobalt Strike attacks target large enterprises. Yet small firms often end up in the crosshairs. While large companies generally recover from run-ins with hackers, smaller businesses can go bankrupt.

Bitdefender Ultimate Small Business Security is an extended version of our consumer-friendly security suite designed to cover every attack scenario and protect your biz. Visit bitdefender.com/solutions/small-business-security to see it in action.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like