
Operation Morpheus: Europol hits cybercrime hard

A vast network of illegal servers discovered and neutralized: the global fight against cyber threats enters a new phase

Operation Morpheus, coordinated by Europol, disabled nearly 600 Cobalt Strike servers used by cybercriminals. Pirated versions of this pentesting tool have been exploited for cyber attacks. Public-private collaboration has been crucial to this success.


In an action coordinated by Europol, called Operation Morpheus, almost 600 Cobalt Strike servers used by cybercriminals were shut down. This result was achieved through collaboration between law enforcement agencies from several countries, including the United States, United Kingdom, Germany, Australia, Canada, the Netherlands and Poland, and the involvement of private sector partners such as BAE Systems Digital Intelligence, Trellix, Spamhaus, and The Shadowserver Foundation. These entities offered essential support through advanced scanning, telemetry and analytics capabilities. The operational phase of Operation Morpheus took place between 24 and 28 June and is the culmination of an investigation launched in 2021, during which Europol coordinated activities through over 40 meetings between law enforcement representatives and private partners, and also established a virtual command for the operational week.

Cobalt Strike: from legitimate tool to cybercrime resource

Cobalt Strike was created by Fortra (formerly Help Systems) as a legitimate penetration testing tool. Over time, however, pirated versions of the software have been exploited by cybercriminals to conduct infiltration, compromise, sabotage and extortion operations. In particular, government-affiliated hacker groups have found Cobalt Strike to be a useful resource for maintaining persistent access to breached networks. This program has thus become a serious threat not only for cybersecurity companies, but also for large global companies worried about the malicious capabilities that hackers can obtain by exploiting it.

The legal action and contributions from large companies

The criminal use of Cobalt Strike had already put several large companies on alert. Last April, Fortra teamed up with Microsoft and the Health Information Sharing and Analysis Center to take legal action against servers hosting pirated copies of the software. In a previous move, in November 2022, Google Cloud Threat Intelligence made public a set of indicators of compromise and 165 YARA rules, aimed at helping analysts and security managers detect the presence of Cobalt Strike in corporate networks. These initiatives highlight how the private sector is deploying resources and innovative solutions to combat the abuse of legitimate tools by cybercrime.

Future predictions: constant vigilance against cyber threats

Europol stated that Operation Morpheus does not represent the end of activities against the abuse of Cobalt Strike by cybercriminals. Law enforcement and affected entities will continue to monitor and take similar actions as long as these threats persist. The cybersecurity community therefore remains vigilant and prepared to respond to the challenges posed by pirated versions of pentesting tools, confirming the importance of constant collaboration between the public and private sectors to improve network security and prevent cybercriminal activity.


07/04/2024 10:33

Marco Verro
