Cobalt Strike Becomes One of the Go-To Tools for Hackers

Cobalt Strike has now become one of the most misused tools in the cybercrime world. While it is a legitimate and commercially available tool originally created for penetration testing, a recent report showed a 161% year-over-year increase in cyberattacks using this tool.

What's new?

According to Proofpoint, the use of Cobalt Strike by cybercriminals has now gone through the roof.
  • Researchers noted that a large number of cybercriminals and general-commodity malware operators have targeted tens of thousands of organizations since its leak.
  • The 161% rise in the use of Cobalt Strike between 2019 and 2020 implies a high-volume threat for the cyberworld.
  • Cybercrooks use this tool against networks to exfiltrate data, deliver malware, create fake C2 profiles that look legitimate, and avoid security defenses.

Cobalt Strike’s Connection with the SolarWinds Attack

Cobalt Strike Beacon was one of the tools used in the SolarWinds supply-chain attacks. In January, researchers uncovered a piece of SolarWinds-related malware named Raindrop, which leverages the Cobalt Strike tool.
  • The Raindrop backdoor loader used Cobalt Strike to perform lateral movement across victims’ networks, as one of the tools used for follow-on attacks.
  • The U.S. government pinned the supply-chain attacks on Russia’s Foreign Intelligence Service (FSB), an agency that has had the Cobalt Strike tool in its toolbox since at least 2018.

Conclusion

As evidenced by Proofpoint’s data, tens of thousands of organizations around the world have already been targeted with Cobalt Strike. The recent trend suggests that attackers will continue to leverage this tool in the coming years. Furthermore, this tool is now used by commodity malware operators rather than espionage threat actors and APTs, which makes it a worrisome threat.

Cyware Publisher