Microsoft, Fortra get legal permission to counter Cobalt Strike abuse

Microsoft and two partner organizations have been granted a court order to go after cybercriminal infrastructure associated with the rampant abuse of Cobalt Strike — a legitimate testing tool that attackers have used to wreak havoc on the healthcare industry.

In an initiative announced Thursday, the company’s Digital Crimes Unit (DCU) — alongside the nonprofit Health Information Sharing and Analysis Center (Health-ISAC) and software maker Fortra — is working “to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware.”

Fortra’s Cobalt Strike is an adversary simulator and penetration testing software used by red teams to detect vulnerabilities and plan response, but older versions of the program have been widely exploited by cybercriminals.

On March 31, the U.S. District Court for the Eastern District of New York issued an order allowing the three entities to go after the “malicious infrastructure” used in attacks, such as command-and-control servers.

“Doing so enables us to notify relevant internet service providers (ISPs) and computer emergency readiness teams (CERTs) who assist in taking the infrastructure offline, effectively severing the connection between criminal operators and infected victim computers,” Microsoft wrote.

The company added that the initiative involves copyright claims for the use of software code that is “altered and abused for harm.”

Amy Hogan-Burney, general manager of cybersecurity policy and protection at Microsoft, said that going after the distribution methods of cybercriminals “is one of the best ways to disrupt the criminal ecosystem, forcing criminals to re-evaluate their tactics and decrease their ability to profit from their attacks.”

https://therecord.media/cobalt-strike-abuse-microsoft-fortra-health-isac
