Microsoft’s Digital Crimes Unit, cybersecurity firm Fortra and the Health Information Sharing & Analysis Center announced legal action Thursday to seize domains related to criminal activity involving cracked copies of the security testing application Cobalt Strike, which has become a favorite tool for cybercriminals to carry out attacks around the world.

Cobalt Strike, an adversary emulation tool that information security professionals use to evaluate network and system defenses to enable better security, like other legitimate hacking tools, is regularly abused by cybercriminals as part of attacks ranging from financially motivated cybercrime to high-end state-aligned attacks.

Fortra, the maker of Cobalt Strike, works to prevent Cobalt Strike from getting into the hands of malicious hackers, but manipulated versions of the software have inevitably proliferated online. Thursday’s action attempts to disrupt the use of these cracked, older versions of Cobalt Strike that cybercriminals widely use to carry out attacks, especially to deploy ransomware.

“If you identify their preferred method of attack and make it no longer usable that’s a good thing,” said Amy Hogan-Burney, Microsoft’s general manager for cybersecurity policy and protection.

The court order names a range of entities and groups the companies allege misuse their technologies, including the LockBit and Conti ransomware groups and a series of cybercrime operations tracked by Microsoft under various designations. In a 223-page complaint filed in the U.S. District Court in the Eastern District of New York, the companies detail known IP addresses associated with the criminal activity, along with the range of domain names utilized by the criminal groups.

The court order instructs data centers and hosting providers to block traffic to the known IPs and domains and “completely disable the computers, servers, electronic data storage devices” and other infrastructure associated with the defendants’ activities, as well as transfer control of the IPs and domains to Microsoft. Thursday’s legal order targets 16 anonymous “John Doe” actors engaged in a range of criminal behavior, from ransomware activity to malware distribution and development.

Microsoft has in recent years pioneered the use of domain seizure as a way to disrupt the technical infrastructure malicious hackers rely on, and Thursday’s action targeting Cobalt Strike builds on that earlier work to carry out the novel targeting of a hacking tool. The action against illicit Cobalt Strike applications represents the culmination of what Hogan-Burney said was a year-long investigation, and Thursday’s attempt to disrupt use of Cobalt Strike is likely only a first step to challenge illicit use of the hacking tool. Malicious actors will likely be able to retool their infrastructure, and Cobalt Strike relies on dynamic hosting, creating a challenge in disrupting its use.

“It’s insufficient to think of it as a single action like we used to,” she said. Hogan-Burney said that investigators in her office have coined a joke about the operation that’s by now well-worn: “We call this an advanced persistent disruption.”

Legitimate cybersecurity researchers use Cobalt Strike to emulate the work of an attacker, to probe weaknesses in computer systems and to maintain a long-term, covert presence on a network. Cobalt Strike offers a variety of attack packages to conduct a web drive-by attack or to transform an innocent file into a trojan horse for a simulation attack. Here are the various attack packages offered by Cobalt Strike:

Browser Pivoting is a technique that essentially leverages an exploited system to gain access to the browser’s authenticated sessions. Cobalt Strike implements browser pivoting with a proxy server that injects into 32-bit and 64-bit Internet Explorer. When you browse through this proxy server, you inherit cookies, authenticated HTTP sessions, and client SSL certificates. It is a powerful way to demonstrate risk with a targeted attack.

Spear Phishing: A variant of phishing, spear phishing is a method that intentionally targets specific individuals or groups within an organization. This helps in identifying weak targets within an organization, such as employees that are more prone to security attacks.