TLDR:
- Law enforcement agencies shut down 593 rogue servers running unauthorized versions of Cobalt Strike in a global operation.
- The operation, called “Operation Morpheus,” targeted cybercriminals misusing the legitimate penetration testing tool for malicious purposes.
In a week-long international operation starting on June 24, 2024, law enforcement agencies, including the UK’s National Crime Agency, FBI, Australian Federal Police, and Royal Canadian Mounted Police, successfully shut down 593 malicious Cobalt Strike servers. Cobalt Strike, originally developed for cybersecurity testing, has become a favorite tool for cybercriminals to conduct attacks like ransomware and data theft.
The operation, codenamed “Operation Morpheus,” saw collaboration between law enforcement agencies and private industry partners like BAE Systems Digital Intelligence and Shadowserver. Real-time threat intelligence sharing and network scanning were used to identify nearly 1.2 million indicators of compromise related to illegal Cobalt Strike use.
While the takedown of these servers is expected to disrupt cybercriminal activities temporarily, experts warn that criminals are quick to adapt and set up new infrastructure. Fortra, the company behind Cobalt Strike, has committed to working with law enforcement to prevent the abuse of its software in the future.
Overall, Operation Morpheus marks a significant victory in the ongoing battle against cybercrime, showcasing the importance of international cooperation and continuous efforts to combat threats in the digital space.