Keeping Cobalt Strike from abuse.
N2K, Apr 7, 2023

Microsoft takes legal action to go after cracked versions of Cobalt Strike.

Microsoft’s Digital Crimes Unit (DCU), in collaboration with cybersecurity company Fortra and the Health Information Sharing and Analysis Center (Health-ISAC), is taking legal and technical measures to disrupt illicit versions of Cobalt Strike and abused Microsoft software.

Pentesting tool is frequently used in ransomware attacks.

Microsoft says the cracked software has been used in more than 68 ransomware attacks targeting healthcare institutions around the world, which “have cost hospital systems millions of dollars in recovery and repair costs, plus interruptions to critical patient care services including delayed diagnostic, imaging and laboratory results, canceled medical procedures and delays in delivery of chemotherapy treatments.”

Microsoft stated, “On March 31, 2023, the U.S. District Court for the Eastern District of New York issued a court order allowing Microsoft, Fortra, and Health-ISAC to disrupt the malicious infrastructure used by criminals to facilitate their attacks. Doing so enables us to notify relevant internet service providers (ISPs) and computer emergency readiness teams (CERTs) who assist in taking the infrastructure offline, effectively severing the connection between criminal operators and infected victim computers.”

CyberScoop quotes Bob Erdman, Fortra’s Vice President of Research and Development, as saying that “Cobalt Strike is the go-to security tool used legitimately by reputable entities to help strengthen their security posture and prevent bad actors from compromising their infrastructure. This action is an example of industry members combining resources and expertise to block the criminal abuse of legitimate security tools, making it harder for malicious actors to operate.”