"Microsoft, Fortra Get Legal Permission to Counter Cobalt Strike Abuse"
Microsoft and two partner organizations have been granted legal permission to target cybercriminal infrastructure associated with the widespread abuse of Cobalt Strike, a legitimate testing tool that attackers have used against the healthcare industry. Together with the non-profit Health Information Sharing and Analysis Center (Health-ISAC) and software developer Fortra, Microsoft's Digital Crimes Unit (DCU) is working to stop cybercriminals from distributing malware, including ransomware, using cracked, legacy copies of Cobalt Strike and abused Microsoft software. Red teams use Fortra's Cobalt Strike adversary simulator and penetration testing software to identify vulnerabilities and plan a response, but cybercriminals have exploited older versions of the program. The US District Court for the Eastern District of New York issued an order on March 31 permitting the three entities to pursue "malicious infrastructure" used in attacks, such as command-and-control (C2) servers. This article continues to discuss Microsoft, Health-ISAC, and Fortra being granted legal permission to combat cybercriminal infrastructure associated with the abuse of Cobalt Strike.
The Record reports "Microsoft, Fortra Get Legal Permission to Counter Cobalt Strike Abuse"