Subj : Hundreds of Cobalt Strike linked servers taken down in major poli To : All From : TechnologyDaily Date : Thu Jul 04 2024 18:00:05 Hundreds of Cobalt Strike linked servers taken down in major police operation Date: Thu, 04 Jul 2024 16:51:45 +0000 Description: Operation MORPHEUS takes down almost 600 servers distributing cracked Cobalt Strike. FULL STORY ====================================================================== Hundreds of servers distributing a cracked, older version of Cobalt Strike to cybercriminals have been taken offline by a collection of law enforcement agencies led by Europol. The EUs law enforcement agency confirmed Operation MORPHEUS took place between June 24 and 28, and its goal was to disrupt hackers distribution of the unlicensed version of the tool. The disruption does not end here, Europol said in its announcement. Law enforcement will continue to monitor and carry out similar actions as long as criminals keep abusing older versions of the tool. Hijacking a legitimate tool Cobalt Strike is a commercial penetration testing (pentest) tool first released back in 2012. It was designed to help security pros simulate advanced persistent threats (APTs) in a network environment, allowing them to test and improve their organization's defenses against sophisticated cyber-attacks. The tool offers features such as covert command and control, post-exploitation capabilities, and collaboration functionalities, which quickly made it a popular choice for read team operations and adversary emulation. However, it also made it attractive for malicious actors. Hackers have hijacked the tool, using cracked versions or stolen licenses, to conduct real-world cyber-attacks. Today, Cobalt Strike is frequently employed by cybercriminals and nation-state threat actors for malware delivery, espionage, and ransomware attacks. The tool's powerful features, originally meant for security assessments, have made it a valuable asset for attackers seeking to exploit vulnerabilities in their targets' systems and evade detection. Operation MORPHEUS, Europol further explained, was the culmination of an investigation that first began back in 2021. The law enforcement organization partnered up with its peers in Australia, Canada, Germany, the Netherlands, Poland, the UK, US, Bulgaria, Estonia, Finland, Lithuania, Japan, and South Korea, to target a total of 690 IP addresses across 27 countries. By the end of the operation, 593 of the addresses were pushed offline. Besides the police, a number of private companies also participated in Operation MORPHEUS, including BAE Systems Digital Intelligence, Trellix, Spamhaus, abuse.ch and The Shadowserver Foundation, lending their hand with enhanced scanning, telemetry and analytical capabilities. More from TechRadar Pro Microsoft SQL servers hijacked to deliver Cobalt Strike and ransomware Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/hundreds-of-cobalt-strike-linked-server s-taken-down-in-major-police-operation --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .