Microsoft and Fortra Partner to Combat Cobalt Strike

Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have teamed up to announce a large-scale takedown of servers hosting cracked copies of Cobalt Strike, a primary tool of cybercriminals. A court ruling on March 31 legally allows Microsoft and Fortra, the developer of Cobalt Strike, to take control of domains and take down server IP addresses that host cracked copies of the program. Relevant computer emergency response teams (CERTs) and internet service providers will carry out the actions with the goal of shutting down malicious infrastructure. The coalition began dismantling the infrastructure on Tuesday, and the court ruling allows them to take down new infrastructure that attackers stand up for future attacks.

Disrupting the cracked, legacy copies of Cobalt Strike will complicate the monetization of these illegal copies, slow down their use in cyberattacks, and force criminals to reassess and change their tactics, says Amy Hogan-Burney, head of Microsoft's Digital Crimes Unit. In this operation, the coalition asserts copyright claims concerning the malicious use of Microsoft and Fortra program code that was altered and exploited to cause harm.

Fortra, formerly HelpSystems, launched Cobalt Strike in 2012 as a legitimate commercial penetration-testing tool for red teams. Over time, attackers were able to obtain and distribute cracked copies of Cobalt Strike, making it one of the most widely used tools in attacks involving data theft and ransomware. Although the developer vets customers and issues licenses only for lawful use, the identity of those behind the harmful campaigns remains unknown. According to Microsoft, Cobalt Strike's malicious infrastructure is located worldwide, including in China, the United States, and Russia.

Hogan-Burney notes that 68 ransomware attacks were associated with malware families linked to cracked copies of Cobalt Strike. These attacks affected healthcare organizations in more than 19 countries, costing hospitals millions of dollars in recovery and other costs, as well as disrupting the provision of critical patient care services, such as delaying diagnostic results, canceling medical procedures, and delaying chemotherapy, among other consequences.