A coordinated law enforcement operation called MORPHEUS shut down nearly 600 servers used by cybercriminals connected to Cobalt Strike.
The operation targeted older, unlicensed versions of Cobalt Strike between June 24 and 28, according to Europol.
Out of 690 IP addresses flagged to online service providers in 27 countries, 590 are now inaccessible.
The operation, which started in 2021, was led by the U.K. National Crime Agency (NCA) and included authorities from Australia, Canada, Germany, the Netherlands, Poland, and the U.S., with support from Bulgaria, Estonia, Finland, Lithuania, Japan, and South Korea.
Cobalt Strike is a tool for IT security experts to find weaknesses in security operations and incident responses, developed by Fortra (formerly Help Systems).
However, Google and Microsoft have found that cracked versions of Cobalt Strike are being misused by cybercriminals for post-exploitation purposes.
Palo Alto Networks Unit 42 reports that this involves a payload called Beacon, which uses text-based profiles called Malleable C2 to change Beacon’s web traffic to avoid detection.
“Cobalt Strike is a legitimate tool, but cybercriminals have exploited it,” said Paul Foster, director of threat leadership at the NCA.
“Illegal versions have made it easier for criminals to launch ransomware and malware attacks without much technical knowledge, costing companies millions.”
Meanwhile, Spanish and Portuguese law enforcement arrested 54 people for tricking elderly citizens into giving personal information by pretending to be bank employees.
The criminals then pressured victims into giving credit cards, PIN codes, and bank details, sometimes stealing cash and jewelry.
They used this information to take over bank accounts or make unauthorized cash withdrawals and purchases.
“These criminals caused €2,500,000 in losses” said Europol. “They funneled the money through accounts in Spain and Portugal and used a network of money mules to launder the funds.”
The arrests also follow INTERPOL’s actions to break up human trafficking rings in several countries, including Laos, where Vietnamese nationals were lured with false job promises and forced to create fake online accounts for financial scams.
“Victims worked 12-hour days, extended to 14 hours if they didn’t recruit others, and had their documents taken,” said the agency. “Families were extorted up to $10,000 to bring them back to Vietnam.”
Last week, INTERPOL seized $257 million in assets and froze 6,745 bank accounts in a global operation across 61 countries to disrupt online scams and organized crime.
Operation First Light targeted phishing, investment fraud, fake online shopping sites, romance, and impersonation scams, leading to 3,950 arrests and identifying 14,643 other possible suspects worldwide.
Source: TheHackerNews
