Microsoft has secured a court order to remove illegal Cobalt Strike copies in an attempt to take down hacking campaigns that use the software.
The latter has been used by hackers regularly for many years.
- Cobalt Strike is used to escalate privileges, move laterally across a network, and encrypt files.
- The software was initially created in 2012 as a tool to simulate cyberattacks but was later misused by threat actors.
- According to Microsoft, Cobalt Strike has deployed over 68 ransomware cyberattacks in over 19 countries.
- Microsoft added that these attacks are mainly used by hacker groups based in Russia, China, Vietnam, and Iran.
- Hackers in China, U.S., and Russia use their infrastructure to host Cobalt Strike.