Google wants to make it harder for hackers to use Cobalt Strike2. December 2022
Google wants to make it harder for hackers to use Cobalt Strike
San Francisco, Dec. 2, 2022
Google is releasing a set of tools designed to make it harder for hackers to use Cobalt Strike. The tool has been used by almost all hacker groups over the past decade to invade the privacy of their victims.
Cobalt Strike is a Red Team (offensive) tool that was developed to help security researchers find vulnerabilities. Meanwhile, the tool has become the first choice for hackers who use it as a point-and-click threat vector.
Although the software is constantly updated by its manufacturer, hackers have managed to find vulnerabilities and abuse the tool. Since illegal versions of a software are not publicly available, it becomes even harder to fix the bugs for future upgrades to the officially licensed version.
Google has decided to release some of the YARA rules as an open-source tool to counteract the negative trend. A Cobalt Strike version essentially consists of three components: stagers, templates and beacons. Google claims that Stages and Templates are more difficult for hackers to replicate, which is why the company has developed 165 signatures that help it detect suspicious variants of the software.
It should be noted that these tools are effective against vulnerabilities in previous versions of Cobalt Strike, but not for the latest version.
Just two weeks ago, it was reported that a threat actor known as OPERA1ER stole more than $11 million from 12 countries in Africa. The group uses Cobalt Strike as one of its preferred frameworks.
A new China-based hacking group called Earth Longzhi has hacked numerous Taiwanese entities over the past two years, mainly using Cobalt Strike loaders.
Russian hackers have used the tool to launch hundreds of different campaigns against Ukraine, all with different goals. Z-Team, a well-known Russian hacking group, used Cobalt Strike to develop the Somnia ransomware.