Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home News

Cobalt Strike Abuse Declines 80 Percent

March 11, 2025
Reading Time: 2 mins read
in News

Fortra recently reported a substantial reduction in the abuse of Cobalt Strike, a tool originally designed for adversary simulation. The company revealed that incidents involving Cobalt Strike had dropped by 80% over the past two years. Cobalt Strike is a legitimate tool used by security professionals, but cybercriminals and state-sponsored threat actors have exploited cracked versions of it, typically older releases, to carry out malicious activities. These unauthorized copies have been used in cyberattacks by various threat groups, both for profit and espionage. To combat this rising misuse, Fortra, in collaboration with Microsoft and the Health Information Sharing and Analysis Center (Health-ISAC), launched a multifaceted effort in 2023 aimed at reducing the tool’s abuse.

The initiative has led to significant progress, including Europol’s takedown of nearly 600 Cobalt Strike servers in July 2024. Fortra’s efforts have also resulted in the seizure and sinkholing of over 200 malicious domains, limiting the attackers’ ability to use the tool for exploitation. The impact of these actions has been clear, with the number of unauthorized Cobalt Strike copies in circulation significantly declining. Fortra’s strategy includes legal measures, technical disruptions, and closer collaboration with international law enforcement, enabling it to tackle this issue from multiple angles. The company’s ongoing work is vital to ensure further reduction in abuse, focusing on preventing the tool’s exploitation while allowing legitimate users to benefit from it.

Fortra also reported a dramatic improvement in response times to cyber threats related to Cobalt Strike. The average dwell time between the detection of a threat and its takedown has been reduced to under one week in the United States and under two weeks globally. These results reflect the increasing effectiveness of the coordinated efforts by Fortra, Microsoft, and other partners in addressing the problem. Automation has played a significant role in speeding up the process of identifying and removing malicious copies of the tool. As a result, the time it takes to mitigate threats has decreased, providing faster protection to organizations at risk.

In addition to legal and technical actions, Fortra continuously updates Cobalt Strike’s security controls to prevent cracking attempts and protect its legitimate users. The company actively tracks the activities of cybercriminals to identify the root causes of Cobalt Strike misuse. As the threat landscape evolves, Fortra remains committed to raising awareness about the illegal use of the tool, issuing persistent notices to remove unauthorized versions, and monitoring compliant web properties for reappearance. These ongoing efforts mark a new phase in Fortra’s proactive approach to ensuring that Cobalt Strike remains a safe and legitimate tool while preventing its exploitation for malicious purposes.

Reference:

  • Cobalt Strike Abuse Declines 80% in Two Years Due to Global Takedown Efforts
Tags: Cyber NewsCyber News 2025Cyber threatsMarch 2025
ADVERTISEMENT

Related Posts

Interlock Ransomware Threat Alert

Altman Flags Looming AI Fraud Crisis

July 24, 2025
Interlock Ransomware Threat Alert

XSS Forum Admin Arrested in Kyiv

July 24, 2025
Interlock Ransomware Threat Alert

Google OSS Rebuild Exposes Malicious Code

July 24, 2025
UK Advances Plan to Report Ransomware Attack

UK Advances Plan to Report Ransomware Attack

July 23, 2025
UK Advances Plan to Report Ransomware Attack

Global Ransomware Attacks Drop 43% in Q2

July 23, 2025
UK Advances Plan to Report Ransomware Attack

Clorox Sues Cognizant Over 2023 Cyberattack

July 23, 2025

Latest Alerts

Interlock Ransomware Threat Alert

GitLab Patches Key Vulnerabilities

Backdoor Found in WP Plugins

Lumma Stealer Returns with New Tactics

npm Phishing Emails Target Developer Logins

MuddyWater Emerges Amid Iran-Israel Clash

Subscribe to our newsletter

    Latest Incidents

    Data Breach Affects 340K Jobseekers

    Hackers Use Ransomware on SharePoint Servers

    Beluga Vodka Ransomware Attack Reported

    Weak Password Triggers Ransomware Old Firm

    US Nuclear Agency Breached in MS Hack

    European Healthcare Network Breached

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial