The NCA, along with international partner agencies like the FBI, Australian, Canadian, and EU agencies, carried out enforcement actions against users of Cobalt Strike who were using it for cyber criminal activities. Operation Morpheus targeted 690 instances of Cobalt Strike at 129 ISPs in nearly 30 countries, successfully neutralizing 593 of these instances. While Cobalt Strike is a legitimate tool owned by Fortra, it has been exploited by cyber criminals to facilitate cyber attacks. Illicit versions of Cobalt Strike have been used in major cyber attacks, as well as by ransomware groups like Ryuk and Conti.
NCA director Paul Foster emphasized the importance of reporting cyber crimes to law enforcement and highlighted the effectiveness of international efforts to disrupt cyber criminals by removing their tools. To protect against Cobalt Strike attacks, IT and security professionals should focus on cyber security basics, such as implementing email security measures to prevent spear phishing attacks. Fortra is working with law enforcement to remove older versions of the software from the internet.