Security news aggregator

Latest coverage for Cobalt Strike

Stay informed on Cobalt Strike-related threats. Get the latest news, analyses, and trends in information security with our focused coverage.

47 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Cobalt Strike is a commercial penetration testing tool designed to simulate advanced attacker behaviors, including command and control (C2) communication, lateral movement, and data exfiltration. Originally intended for red team exercises, it provides features such as customizable payloads, beacon implants, and post-exploitation modules that mimic real-world attack techniques.

Its dual-use nature means threat actors often repurpose Cobalt Strike for unauthorized intrusions, leveraging its stealthy C2 channels and modular capabilities to maintain persistence and evade detection. Security teams should monitor for Cobalt Strike indicators like unusual beacon traffic and employ endpoint detection strategies focused on its known payload behaviors to mitigate risks associated with its misuse.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 47 Filtered view

Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024

A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT

Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike tool.  The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol

Loading more headlines...