![]() The functions contained in Cobalt Strike represent a real treasure chest for cybercriminals. IT security managers are therefore well advised to focus their defence measures on Cobalt Strike. It can be concluded from this that despite the manufacturer's efforts to prevent misuse, just about every version is hacked and used as a robust tool for cyber attacks. For classification: the current Cobalt Strike version number is 4.7.2. Google Cloud announced at the end of 2022 that a total of 275 specific JAR files of hacked Cobalt Strike versions are in circulation - older software versions from 2012 onwards, but also version 4.7. ![]() As early as 2020, the IT security firm Cisco Talos Intelligence Group reported that a large proportion of ransomware attacks are carried out with Cobalt Strike - the standard Trojans otherwise used appear to be less efficient. Mainly as a booster for penetrating compromised networks with ransomware, the tool is immensely popular. Numerous threat actors, especially APT groups and professionally positioned cybercrime organisations, rely on Cobalt Strike. Nevertheless, hackers repeatedly succeed in gaining access to Cobalt Strike and misusing it for criminal purposes. To prevent the tool from falling into the wrong hands, the developer Strategic Cyber LLC strictly controls the granting of licences. Cobalt Strike can also disguise itself excellently by modifying beacons and thus imitating legitimate data traffic. With its post-exploitation suite, the tool supports numerous methods that are at the top of the cybercriminals' popularity scale - including the theft of credentials, keylogging, port scanning or the execution of commands. The beacons used by Cobalt Strike are stable, flexible and, above all, unobtrusive: they can be mapped in the memory of a processor without negatively affecting the file system. Cobalt Strike uses so-called hidden channels to simulate the actions of hackers within a corporate network. ![]() How does Cobalt Strike work - and how does the pentesting tool get into the hands of criminals?Ĭobalt Strike is a modular post-exploitation framework that was already published in 2012 as a tool for simulating cyber attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |