Languagesx
English Deutsch Việt Nam 한국 日本 ไทย
Subscribe
Home Europol shuts down almost 600 IP addresses in Cobalt Strike cybercrime crackdown

Europol shuts down almost 600 IP addresses in Cobalt Strike cybercrime crackdown

Europol shuts down almost 600 addresses in Cobalt Strike cybercrime crackdown. This image depicts a stylized illustration of five male officers wearing military-style uniforms, intensely working on computers. They appear to be part of a cybercrime task force, as indicated by the insignia on their uniforms. The background features the Europol building, identifiable by its distinctive architecture, all set against a striking red background which emphasizes the urgency and importance of their work. This is an artistic representation of law enforcement personnel engaged in a cybersecurity operation.
The cybersecurity tool is being used for 'nefarious purposes'
TL:DR

  • Europol's Operation MORPHEUS dismantled nearly 600 IP addresses misusing Cobalt Strike.
  • The operation, led by the UK's NCA, involved international cooperation from 27 countries.
  • Cobalt Strike, a legitimate security tool, is often exploited by cybercriminals for ransomware attacks.

Nearly 600 IP addresses have been dismantled by Europol as part of a concerted effort to tackle cybercrime involving the misuse of the Cobalt Strike security tool. The operation, dubbed Operation MORPHEUS, took place between June 24 and June 28, targeting older, unlicensed versions of the tool commonly used in criminal activities.

“Throughout the week, law enforcement flagged known IP addresses associated with criminal activity, along with a range of domain names used by criminal groups, for online service providers to disable unlicensed versions of the tool. A total of 690 IP addresses were flagged to online service providers in 27 countries. By the end of the week, 593 of these addresses had been taken down,” Europol said in a statement.

Operation MORPHEUS was mainly led by the UK’s National Crime Agency (NCA) and involved major contributions from authorities across Australia, Canada, Germany, the Netherlands, Poland, and the United States. Europol’s European Cybercrime Centre (EC3) also played a role in coordinating international efforts and liaising with private sector partners.

Paul Foster, the NCA’s threat leadership director, said that although Cobalt Strike is a legitimate piece of software, cybercriminals have been exploiting its use for “nefarious purposes”.

He added: “Illegal versions of it have helped lower the barrier of entry into cybercrime, making it easier for online criminals to unleash damaging ransomware and malware attacks with little or no technical expertise. Such attacks can cost companies millions in terms of losses and recovery.

“I would urge any businesses that may have been a victim of cyber crime to come forward and report such incidents to law enforcement.”

What is a Cobalt Strike attack?

Cobalt Strike, developed by Fortra, is a legitimate and widely used cybersecurity tool designed to help IT security professionals in performing attack simulations to uncover vulnerabilities. However, it can be exploited maliciously when in the hands of cybercriminals. Reports suggest that cracked copies of older versions like Ryuk, Trickbot, and Conti have been used in several high-profile malware and ransomware cases.

To counteract this threat, Fortra has collaborated with law enforcement to safeguard the legitimate usage of its software. “Fortra has taken significant steps to prevent the abuse of its software and has partnered with law enforcement throughout this investigation to protect the legitimate use of its tools,” Europol stated.

The operation was said to be successful due to the cooperation of private industry partners such as BAE Systems Digital Intelligence, Trellix, Spamhaus, abuse.ch, and The Shadowserver Foundation. The partners provided scanning, telemetry, and analytical tools to identify and curb the malicious use of Cobalt Strike.

Europol’s EC3 has supported this project since it was launched in September 2021, providing analytical and forensic assistance. The Malware Information Sharing Platform was also used extensively, with over 730 threat intelligence pieces shared, containing almost 1.2 million indicators of compromise.

This coordinated crackdown is part of a broader strategy enabled by Europol’s amended Regulation, which strengthens its ability to support EU Member States by fostering cooperation with the private sector. This strategic approach has significantly enhanced the resilience of Europe’s digital ecosystem against cyber threats.

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags
Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Related News

Europol shuts down almost 600 addresses in Cobalt Strike cybercrime crackdown. This image depicts a stylized illustration of five male officers wearing military-style uniforms, intensely working on computers. They appear to be part of a cybercrime task force, as indicated by the insignia on their uniforms. The background features the Europol building, identifiable by its distinctive architecture, all set against a striking red background which emphasizes the urgency and importance of their work. This is an artistic representation of law enforcement personnel engaged in a cybersecurity operation.
Europol shuts down almost 600 IP addresses in Cobalt Strike cybercrime crackdown
Suswati Basu
Two suited agents in a control room with hand in pockets face a wall of computer monitors with code, charts, maps and data on them. A US flag is seen on one wall., photo
WhisperGate Russian suspect indicted, US offers $10m bounty
Sophie Atkinson
AI image of Sydney Opera House, Australia / Australian online safety regulator has retreated on child abuse, terror detection rules
Australia’s online safety regulator retreats on child abuse detection rules
Graeme Hanna
A vivid, virtual depiction of a data hack at a PC chipmaking company. The scene is dominated by a digital landscape, with streams of data rep resented as glowing lines of code and binary numbers flowing through a network of interconnected circuits and servers. In the foreground, a virtual hacker avatar, shrouded in a dark cloak and with a featureless face, is interacting with the data streams. The hacker's hands are manipulating the data, with lines of code being extracted and rerouted to a different location.
AMD suffers huge alleged data hack
Rachael Davies
Snowflake enforces MFA as data breach probe continues. The image depicts a stylized, three-dimensional scene with a character resembling a snowman, featuring metallic wings and a snowflake symbol on its chest. It is standing on a glowing, orange platform surrounded by dark, intricate machinery and data storage units. The overall setting suggests a futuristic or digital world, and the atmosphere is enhanced by a cool, blue color tone contrasting with the warm glow of the platform.
Snowflake enforces MFA as data breach probe continues
Suswati Basu

Most Popular Tech Stories

Latest News

choosing the best starting class in elden ring
Gaming

Best Elden Ring starting class explained
Ali Rees5 hours

Being a FromSoftware title, Elden Ring has a (well-deserved) reputation for being a hard game. Early on before you've found any weapons, upgraded your gear, or leveled up much, the...

Popular TopicsArrow right.svg

AI
AI
AI
AR / VR
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Gaming
Smartphone
Smartphone
Smartphone
Gambling
Gambling
Gambling
Wearables
Wearables
Wearables
Web
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.