Summary: Operation MORPHEUS, led by the UK’s National Crime Agency, targeted the illicit use of the Cobalt Strike security tool, resulting in the shutdown of criminal infrastructures exploiting unauthorized copies of the tool.
Threat Actor: Cobalt Strike | Cobalt Strike
Key Points:
- An international operation called “Operation MORPHEUS” targeted the illicit use of the Cobalt Strike security tool.
- The operation resulted in the shutdown of criminal infrastructures that exploited unauthorized copies of Cobalt Strike.
- Criminals have been using cracked older versions of Cobalt Strike to gain unauthorized access to systems and deploy malware.
- Unlicensed copies of Cobalt Strike have been connected to high-profile malware and ransomware campaigns, including RYUK, Trickbot, and Conti.
- Law enforcement agencies flagged 690 IP addresses and a range of domain names linked to criminal activities.
Original Source: https://www.nationalcrimeagency.gov.uk/news/national-crime-agency-leads-international-operation-to-degrade-illegal-versions-of-cobalt-strike
Cyber Law and Cybercrime Investigation Blog: Immuniweb