
Microsoft & Fortra's joint fight against Cobalt Strike abuse
Microsoft's Digital Crimes Unit, Fortra, and the Health Information Sharing and Analysis Center (Health ISAC) have been collaboratively addressing the misuse of unauthorised copies of Cobalt Strike and compromised Microsoft software by cybercriminals since 2023.
The joint effort by Microsoft, Fortra, and Health ISAC highlights the importance of collaborative and sustained efforts to secure the digital environment. This partnership has engaged in legal and technical measures to take down cybercriminal operations, with a particular focus on protecting critical sectors like healthcare.
The number of unauthorised Cobalt Strike instances has been significantly reduced, with an 80% drop over the past two years. This has substantially limited the opportunity for cybercriminals to utilise these tools. These proactive measures have included the seizure and sinkholing of over 200 malicious domains, effectively severing threat actors' access to their resources and minimising potential damage.
The average dwell time, or the period between detection of a threat and its neutralisation, has been shortened considerably. In the United States, dwell time has been reduced to less than one week, while globally, it remains under two weeks.
Operation MORPHEUS, initiated in July 2024, marked a major collaborative international effort involving the UK's National Crime Agency, supported by agencies from the United States, Australia, Canada, Germany, the Netherlands, and Poland. Europol played a key role in orchestrating the operation, which resulted in 593 out of 690 flagged IP addresses being deactivated across 27 countries.
The battle against the misuse of Cobalt Strike is a continuing endeavour. The campaign includes consistent updates to Cobalt Strike's security features, encouraging compliance among web providers by issuing persistent takedown notices and monitoring for recurring threats to ensure they do not resurface.
Fortra has expressed strong support for international cooperation through initiatives such as the Pall Mall Process, which aims to regulate the distribution and use of commercial cyber intrusion tools. This commitment is further supported by the development of automated processes that streamline and increase the efficiency of takedown actions.
Fortra's approach also includes proactively sharing its strategies with the wider cybersecurity community, offering guidance for similar disruption partnerships. By sharing experiences and techniques through educational means like webinars and conferences, Fortra aims to reinforce the ethical use of security tools and curb cybercriminal misuse.
"Collaboration is essential in advancing cybersecurity overall. This not only strengthens the collective defence against cybercriminals but also ensures that legitimate security tools can continue to be used responsibly and effectively to protect organisations worldwide," a statement from Fortra emphasised.
Fortra expressed gratitude to Microsoft DCU, Health ISAC, and other partnering organisations, reaffirming their commitment to protecting the integrity of commercial cybersecurity tools.