Microsoft and Fortra crack down on malicious Cobalt Strike servers

Gandalf_The_Grey

Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have announced a broad legal crackdown against servers hosting cracked copies of Cobalt Strike, one of the primary hacking tools used by cybercriminals.

"We will need to be persistent as we work to take down the cracked, legacy copies of Cobalt Strike hosted around the world," said Amy Hogan-Burney, the head of Microsoft's Digital Crimes Unit (DCU).

"This is an important action by Fortra to protect the legitimate use of its security tools. Microsoft is similarly committed to the legitimate use of its products and services."

Last Friday, March 31, the U.S. District Court for the Eastern District of New York issued a court order allowing the coalition to seize the domain names and take down the IP addresses of servers hosting cracked versions of Cobalt Strike.

This will happen with the help of relevant computer emergency readiness teams (CERTs) and internet service providers (ISPs), with the end goal of taking the malicious infrastructure offline.

Takedowns linked to this action have already started earlier this week, on Tuesday, and the court order also allows Microsoft and Fortra to disrupt new infrastructure that the threat actors will use in future attacks.

"Disrupting cracked legacy copies of Cobalt Strike will significantly hinder the monetization of these illegal copies and slow their use in cyberattacks, forcing criminals to re-evaluate and change their tactics," Hogan-Burney said.

"Today's action also includes copyright claims against the malicious use of Microsoft and Fortra's software code which are altered and abused for harm."
 