Cobalt Strike infrastructure is disrupted
Event Details
Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol’s headquarters between 24 and 28 June.
Cooperation with the private sector was instrumental in the success of this disruptive action.
Throughout the week, law enforcement flagged known IP addresses associated with criminal activity, along with a range of domain names used by criminal groups, for online service providers to disable unlicensed versions of the tool. A total of 690 IP addresses were flagged to online service providers in 27 countries. By the end of the week, 593 of these addresses had been taken down.
Date
24/06/2024
Institution
- Europol
Ransomware Group
- Ryuk TrickBot Conti
Event Category
- Other modus operandi disruption
Level of Cooperation
- International
Countries
🇦🇺 Australia, 🇧🇬 Bulgaria, 🇨🇦 Canada, 🇪🇪 Estonia, 🇫🇮 Finland, 🇩🇪 Germany, 🇯🇵 Japan, 🇱🇹 Lithuania, 🇳🇱 Netherlands, 🇵🇱 Poland, 🇰🇷 South Korea, 🇬🇧 United Kingdom, 🇺🇸 United States
