Global Police Sweep Dismantles 600 Cobalt Strike-Linked Cybercrime Servers
A coalition of law enforcement agencies, in an operation codenamed MORPHEUS, has taken down close to 600 servers associated with Cobalt Strike that were used by cybercriminal syndicates.
The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol.
Of the 690 traced IP addresses linked to illicit activity in 27 countries, 590 are no longer accessible.
Initiated in 2021, the joint operation was led by the U.K. National Crime Agency (NCA) and included authorities from Australia, Canada, Germany, the Netherlands, Poland, and the U.S., with additional assistance provided by officials from Bulgaria, Estonia, Finland, Lithuania, Japan, and South Korea.
Cobalt Strike, a well-known adversary simulation and penetration testing tool developed by Fortra (previously HelpSystems), gives IT security professionals a way to uncover weaknesses in security systems and incident response mechanisms.
However, as Google and Microsoft have previously noted, illicitly obtained versions of the tool have repeatedly been abused by malicious actors for post-exploitation activity.
According to a recent analysis from Palo Alto Networks Unit 42, this involves a payload named Beacon, which uses text-based profiles known as Malleable C2 to alter the characteristics of Beacon’s web traffic and evade detection.
“Despite Cobalt Strike being an authentic software, unscrupulous cybercriminals have misused it for illicit pursuits,” remarked Paul Foster, NCA’s director of threat leadership, in a statement.
“The proliferation of unofficial versions has lowered the barriers to entry into cybercrime, enabling online malefactors to execute detrimental ransomware and malware assaults with minimal technical skills. Such attacks can result in substantial financial losses and recovery expenditure for companies.”
Spanish and Portuguese law enforcement agencies have recently arrested 54 people for defrauding elderly victims through vishing schemes, in which callers posed as bank representatives to extract personal data under the pretext of resolving banking issues.
This data was then shared with other members of the criminal syndicate, who would visit the victims’ homes unannounced and coerce them into disclosing credit card details, PIN codes, and financial details. Some cases also involved thefts of cash and valuables.
The scheme ultimately let the criminals access victims’ bank accounts or make unauthorized ATM cash withdrawals and high-value purchases.
“By deploying deceitful phone calls and psychological manipulation, the felons have caused losses amounting to €2,500,000,” noted Europol earlier this week.
“The embezzled funds were funneled into numerous Spanish and Portuguese accounts managed by the scammers, from where they were funneled into an intricate money laundering scheme. A wide network of money mules, overseen by specialized participants of the syndicate, was utilized to obfuscate the origin of the illicit proceeds.”

The arrests closely follow similar INTERPOL operations to dismantle human trafficking syndicates in several countries, including Laos, where numerous Vietnamese nationals were lured with attractive job offers, only to be trapped into facilitating fraudulent online schemes.
“Victims had to endure incessant 12-hour work shifts, elongating to 14-hour days if they failed to recruit others, compounded by the confiscation of their documents,” the agency said in its report. “Families were extorted up to USD $10,000 to facilitate their repatriation to Vietnam.”
Last week, INTERPOL announced the seizure of assets worth $257 million and the freezing of 6,745 bank accounts following a cross-continental police operation spanning 61 countries, aimed at disrupting online scams and organized crime networks.
Dubbed Operation First Light, the effort targeted phishing, investment fraud, counterfeit online shopping platforms, romance scams, and impersonation scams. It led to the arrests of 3,950 people and identified an additional 14,643 potential offenders across all continents.

