Microsoft’s Digital Crimes Unit (DCU), security software vendor Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have joined forces to remove cracked legacy copies of Cobalt Strike through legal and technical action.
Using dated and maliciously altered versions of the Cobalt Strike software, threat actors have targeted healthcare organizations in nearly 70 ransomware attacks in 19 countries.
Cobalt Strike, bought by Fortra, is a legitimate and popular post-exploitation security tool, but its older versions have become a favorite for cybercriminals to use in nefarious activities. Pulling these legacy copies globally is a new approach for Microsoft’s DCU, and it is aimed at cutting off the threat at the source: illegal distribution of compromised, malicious software.
“While this action will impact the criminals’ immediate operations, we fully anticipate they may try to revive their efforts. Our action is therefore not one and done,” Microsoft stated in a blog post. “Through ongoing legal and technical action, Microsoft, Fortra and Health-ISAC, along with our partners, will continue to monitor and take action to disrupt further criminal operations, including the use of cracked copies of Cobalt Strike.”