Fortra recently reported a substantial reduction in the abuse of Cobalt Strike, a tool originally designed for adversary simulation. The company revealed that incidents involving Cobalt Strike had dropped by 80% over the past two years. Cobalt Strike is a legitimate tool used by security professionals, but cybercriminals and state-sponsored threat actors have exploited cracked versions of it, typically older releases, to carry out malicious activities. These unauthorized copies have been used in cyberattacks by various threat groups, both for profit and espionage. To combat this rising misuse, Fortra, in collaboration with Microsoft and the Health Information Sharing and Analysis Center (Health-ISAC), launched a multifaceted effort in 2023 aimed at reducing the tool’s abuse.
The initiative has led to significant progress, including Europol’s takedown of nearly 600 Cobalt Strike servers in July 2024. Fortra’s efforts have also resulted in the seizure and sinkholing of over 200 malicious domains, limiting the attackers’ ability to use the tool for exploitation. The impact of these actions has been clear, with the number of unauthorized Cobalt Strike copies in circulation significantly declining. Fortra’s strategy includes legal measures, technical disruptions, and closer collaboration with international law enforcement, enabling it to tackle this issue from multiple angles. The company’s ongoing work is vital to ensure further reduction in abuse, focusing on preventing the tool’s exploitation while allowing legitimate users to benefit from it.
Fortra also reported a dramatic improvement in response times to cyber threats related to Cobalt Strike. The average dwell time between the detection of a threat and its takedown has been reduced to under one week in the United States and under two weeks globally. These results reflect the increasing effectiveness of the coordinated efforts by Fortra, Microsoft, and other partners in addressing the problem. Automation has played a significant role in speeding up the process of identifying and removing malicious copies of the tool. As a result, the time it takes to mitigate threats has decreased, providing faster protection to organizations at risk.
In addition to legal and technical actions, Fortra continuously updates Cobalt Strike’s security controls to prevent cracking attempts and protect its legitimate users. The company actively tracks the activities of cybercriminals to identify the root causes of Cobalt Strike misuse. As the threat landscape evolves, Fortra remains committed to raising awareness about the illegal use of the tool, issuing persistent notices to remove unauthorized versions, and monitoring compliant web properties for reappearance. These ongoing efforts mark a new phase in Fortra’s proactive approach to ensuring that Cobalt Strike remains a safe and legitimate tool while preventing its exploitation for malicious purposes.
Reference:
