A global effort led by Fortra, Microsoft’s Digital Crimes Unit (DCU), and the Health Information Sharing and Analysis Center (ISAC) has reduced access to weaponized versions of the powerful hacking tool Cobalt Strike by 80%.
Dramatic Reduction in Dwell Time
The initiative, which focused on dismantling the distribution and use of unauthorized, legacy copies of Cobalt Strike and compromised Microsoft software, slashed the average “dwell time” – the period between initial detection and takedown of malicious activity – to less than one week in the United States and less than two weeks worldwide.
Operation MORPHEUS
In July 2024, Operation MORPHEUS, a three-year investigation led by the UK’s National Crime Agency and supported by Fortra and law enforcement agencies across seven countries, came to a head. The operation flagged 690 IP addresses associated with criminal activity, 593 of which were successfully taken down.
Multi-Pronged Approach to Disruption
Beyond these achievements, the campaign's work has included:
- Sinkholing over 200 malicious domains: Preventing further exploitation by redirecting traffic.
- Continued Takedown Efforts: Actively monitoring and issuing takedown notices to hosting providers, with automation to increase efficiency.
- Strengthening Security Controls: Fortra is updating Cobalt Strike’s security to thwart cracking attempts.
- Public-Private Partnerships: Fortra has also signed onto the Pall Mall Process, an international initiative developing regulations to combat the unauthorized distribution and usage of commercial cyber intrusion tools.
- Sharing Disruption Techniques: Through conferences and webinars, the group has provided a roadmap for other security providers to engage in similar disruption partnerships.
Ongoing Efforts and Future Focus
However, this is far from the end of the campaign. Future efforts will focus on refining automation processes and proactively tracking malicious activity, with partners committing to providing ongoing support to law enforcement agencies worldwide.
Josh is a content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.


