The tool’s attractiveness to threat actors is also due to its availability.

Cobalt Strike on the Underground: Easily Available

Other core features of Cobalt Strike include network reconnaissance tools to identify a target’s products and map their vulnerabilities; social engineering tools, such as those used to craft phishing emails; pre-built exploits for vulnerabilities; customizable payloads; post-exploitation tools to maintain access, conduct lateral movement, and escalate privileges; and exfiltration tools. One of its unique aspects is the Cobalt Strike Beacon, a configurable and modular post-exploitation backdoor that uses custom plug-ins and various evasion techniques to communicate with the C2 server. Capabilities that span different stages of an attack cycle make it attractive to malicious actors.

Why is Cobalt Strike so popular?

Cobalt Strike, created in 2012, is a commercial tool designed to simulate tactics and techniques used by threat actors. These events likely contributed to an increase in underground forum mentions of the tool, increasing by 37% between 20 (Figure 2).

Figure 2: Underground forum mentions of Cobalt Strike over the previous three years.

The availability of the source code significantly lowered the barrier to entry for the tool’s utilization, as actors could use it without needing to procure a license. It’s been featured in many high-profile cyber incidents, including the SolarWinds supply chain attack (December 2020), Colonial Pipeline (May 2021), and fake security updates capitalizing on the Kaseya attack (July 2021).

Figure 1: A Russian forum user sharing a link to a coding repository with the alleged leaked source code for Cobalt Strike version 4.0.

Shared within several English and Russian-speaking forums, the code and compiled versions based on the code have maintained popularity among advanced and more sophisticated threat groups.
Since the source code for Cobalt Strike 4.0 leaked to GitHub in late 2020, this powerful pentesting tool has become a consistently popular tool for threat actors to abuse.