Operation Morpheus: Europol hits cybercrime hard
A vast network of illegal servers discovered and neutralized: the global fight against cyber threats enters a new phase
Operation Morpheus, coordinated by Europol, disabled nearly 600 Cobalt Strike servers used by cybercriminals. Pirated versions of this pentesting tool have been exploited for cyber attacks. Public-private collaboration has been crucial to this success.
In an action coordinated by Europol, called Operation Morpheus, almost 600 Cobalt Strike servers used by cybercriminals were shut down. This result was achieved through collaboration between law enforcement agencies from several countries, including the United States, United Kingdom, Germany, Australia, Canada, the Netherlands and Poland, and the involvement of private sector partners such as BAE Systems Digital Intelligence, Trellix, Spamhaus, abuse.ch, and The Shadowserver Foundation. These partners offered essential support through advanced scanning, telemetry and analytics capabilities. The operational phase of Operation Morpheus took place between 24 and 28 June and is the culmination of an investigation launched in 2021, during which Europol coordinated activities through over 40 meetings between law enforcement representatives and private-sector organizations, and also established a virtual command for the operational week.
Cobalt Strike: from legitimate tool to cybercrime resource
Cobalt Strike was created by Fortra (formerly Help Systems) as a legitimate penetration testing tool. Over time, however, pirated versions of the software have been exploited by cybercriminals to conduct infiltration, compromise, sabotage and extortion operations. In particular, government-affiliated hacker groups have found Cobalt Strike to be a useful resource for maintaining persistent access to breached networks. This program has thus become a serious threat not only for cybersecurity companies, but also for large global companies worried about the malicious capabilities that hackers can obtain by exploiting it.
The legal action and contributions from large companies
The criminal use of Cobalt Strike had already put several large companies on alert. Last April, Fortra teamed up with Microsoft and the Health Information Sharing and Analysis Center to take legal action against servers hosting pirated copies of the software. In a previous move, in November 2022, Google Cloud Threat Intelligence made public a set of indicators of compromise and 165 YARA rules, aimed at helping analysts and security managers detect the presence of Cobalt Strike in corporate networks. These initiatives highlight how the private sector is deploying resources and innovative solutions to combat the abuse of legitimate tools by cybercrime.
Future predictions: constant vigilance against cyber threats
Europol stated that Operation Morpheus does not represent the end of activities against the abuse of Cobalt Strike by cybercriminals. Law enforcement and affected entities will continue to monitor and take similar actions as long as these threats persist. The cybersecurity community therefore remains vigilant and prepared to respond to the challenges posed by pirated versions of pentesting tools, confirming the importance of constant collaboration between the public and private sectors to improve network security and prevent cybercriminal activity.
07/04/2024 10:33
Marco Verro