Cobalt Strike Usage Explodes Among Cybercrooks


The use of Cobalt Strike – the legitimate, commercially available tool used by network penetration testers – by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now “gone fully mainstream in the crimeware world.”

The researchers have tracked a year-over-year increase of 161 percent in the number of real-world attacks where Cobalt Strike has shown up. They’ve witnessed the tool being used to target tens of thousands of organizations, wielded by more cybercriminals and general-commodity malware operators than by advanced persistent threat (APT) actors or by those operators who prefer general commodity malware, the researchers said in a report published on Tuesday.

That 161 percent increase happened between 2019 and 2020, but the crooks haven’t lost their taste for Cobalt Strike in 2021: It’s still a “high-volume threat,” researchers said.