We need to talk about criminal hackers using Cobalt Strike, says Cisco Talos

Penetration testing tool Cobalt Strike is increasingly being used by black hats in non-simulated attacks as traces show up in scenarios from ransomware infections to state-backed APT threats, says Cisco Talos. The paid-for tool, created by Raphael Mudge and sold to HelpSystems in March, began its existence as a legitimate item …

  1. HildyJ Silver badge
    Pirate

    I am shocked

    Shocked! That tools developed by the good guys end up in the bad guys' hands.

    This just points out that there are no secrets if someone, good or bad, wants to spend the effort to get them and once they've got them they spread.

    If some pentester, internal or external, finds a problem, you should assume that everyone you fear can also find and exploit that problem.

    Now if someone could figure out a way to convince management to budget for immediate fixes, then I would really be shocked.

    1. sanmigueelbeer Silver badge

      Re: I am shocked

      Now if someone could figure out a way to convince management to budget for immediate fixes, then I would really be shocked

      Nothing more convincing than having the company's name being announced on the nightly 7 o'clock news.

      So many times has the response been "no money" but once the proverbial projectile hits the equally proverbial fan, the required funding + manpower materializes without even the need for a pentagram-drawn-in-blood-from-a-virgin.

    2. big_D Silver badge

      Re: I am shocked

      Good guy: "Look, I've invented a knife, it makes killing animals easier and I can use it to cut things up."

      Bad guy: "Look, I can use it to kill you!"

      Good guy: "Look, I've invented a sling, I can use it to kill animals some distance away."

      Bad guy: "Look, I can use it to kill you!"

      Good guy: "Look, I've invented a bow and arrow, I can kill animals at long range."

      Bad guy: "Look, I can use it to kill you!"

      Good guy: "Look, I've invented a gun, I can kill animals at even longer range."

      Bad guy: "Look, I can use it to kill you!"

      ...

      Whenever we invent something that has a positive use, somebody will find a way of using it for bad things.

  2. Anonymous Coward

    Wow

    The bad guys have been using Cobalt Strike since at least 2017, if not 2016.

    Sure, the ransomware dropping is a new angle, but APT style intrusion with it (which it was created to actually simulate for red teams) has been around a long old time.

    Articles on ransomware deliveries using Cobalt Strike are also not exactly new.

    I love threat intel reports, always behind the curve and just people trying to get some advertising from some old shit.

Biting the hand that feeds IT © 1998–2021