Tag: Cobalt Strike

All articles tagged with #cobalt strike

Months-long Malicious Notepad++ Google Ads Infection Exposed
cybersecurity | 2 years ago

A malvertising campaign targeting users searching for the popular Notepad++ text editor has been active for several months, evading detection. The campaign utilizes Google Ads to promote fake software websites that distribute malware. The final payload is believed to be Cobalt Strike, which often precedes ransomware attacks. The campaign tricks users with misleading titles in Google Search result advertisements, redirecting them to a decoy site or a malicious website that mimics the real Notepad++ site. Victims who meet certain criteria are served an HTA script, likely enabling the attackers to track their infections. To avoid downloading malware, users are advised to skip promoted results on Google Search and verify the official domain of the software they are looking for.

Beware of BlackCat Gang's Malicious WinSCP Ads Spreading Ransomware
cybersecurity | 2 years ago

Threat actors associated with the BlackCat ransomware are using malvertising techniques to distribute rogue installers of the WinSCP file transfer application. By hijacking keywords and displaying bogus ads on search results pages, unsuspecting users searching for WinSCP are redirected to sketchy pages where they unknowingly download malware. The malware contains a Cobalt Strike Beacon that connects to a remote server for follow-on operations, and also utilizes legitimate tools like AdFind for network discovery. The attackers gain top-level administrator privileges, conduct post-exploitation activities, and attempt to set up persistence using remote monitoring and management tools. This incident highlights the ongoing threat of ransomware and the need for robust cybersecurity measures.

Microsoft Fights Back Against Cybercriminals' Misuse of Security Tools
cybersecurity | 2 years ago

Microsoft's Digital Crimes Unit (DCU) has obtained a court order in the US to remove illegal copies of Cobalt Strike, a legitimate post-exploitation tool used for adversary simulation, that have been weaponized by cybercriminals to distribute malware, including ransomware. The misuse of Cobalt Strike has been linked to more than 68 ransomware attacks impacting healthcare organizations in over 19 countries. The goal is to hinder the attacks and force the adversaries to rethink their tactics.

Microsoft and Fortra team up to combat Cobalt Strike hacking tool
cybersecurity | 2 years ago

Microsoft, Fortra, and Health-ISAC have launched a legal crackdown against servers hosting cracked copies of Cobalt Strike, a primary hacking tool used by cybercriminals. The US District Court for the Eastern District of New York has issued a court order allowing Microsoft and Fortra to seize domain names and take down IP addresses of servers hosting cracked versions of Cobalt Strike. The coalition aims to take the malicious infrastructure offline with the help of relevant computer emergency readiness teams and internet service providers. Cobalt Strike has become one of the most widely used tools in cyberattacks involving data theft and ransomware.