Microsoft’s Digital Crimes Unit (DCU) has teamed up with cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) to take technical and legal action against cybercriminals who have been using cracked, legacy copies of Cobalt Strike and abused Microsoft software to distribute malware, including ransomware.
This joint effort marks a change in the way DCU has worked in the past, as the scope of their action focuses solely on disrupting these malicious activities. Fortra actively works with social media and file-sharing sites to remove cracked copies of Cobalt Strike when they appear on those web properties. As criminals have adapted their techniques, Fortra has adapted the security controls in the Cobalt Strike software to eliminate the methods used to crack older versions of Cobalt Strike.
Fortra and Microsoft’s investigation efforts included detection, analysis, telemetry, and reverse engineering. They also received additional data and insights from a global network of partners, including Health-ISAC, the Fortra Cyber Intelligence Team, and Microsoft Threat Intelligence team data and insights.
The goal of this joint effort is to disrupt cybercriminals’ ability to distribute malware through these tools. By taking legal action against those who abuse these security tools, Microsoft hopes to send a message that such behavior will not be tolerated.
Individuals and organizations can also take steps to protect themselves from cyber attacks by keeping their software up-to-date with the latest security patches, using strong passwords, being cautious when opening email attachments or clicking on links from unknown sources, and regularly backing up important data.
By working together with cybersecurity partners like Fortra™ and Health-ISAC, Microsoft’s Digital Crimes Unit is taking proactive steps towards disrupting cybercriminals’ ability to distribute malware through these tools.
(n.d.). Stopping cybercriminals from abusing security tools. Microsoft. https://blogs.microsoft.com/on-the-issues/2023/04/06/stopping-cybercriminals-from-abusing-security-tools/