top of page


  • Marijan Hassan - Tech Journalist

Global sting nets hundreds of Cobalt Strike servers used in cybercrime

A major international cybersecurity operation led by Europol has resulted in the takedown of nearly 600 Cobalt Strike servers that were being abused by cybercriminals. Law enforcement authorities from the UK, Australia, Canada, Germany, the Netherlands, Poland, and the United States all took part in the sting operation dubbed "Operation Morpheus.”

Cobalt Strike is a powerful tool designed for security professionals to identify vulnerabilities in systems but has become a favorite weapon of cybercriminals. It allows penetration testers to access a wide variety of attack capabilities and recreate the functionality of many popular strains of malware.

As one cybersecurity expert noted, the incident is a perfect example of criminals taking advantage of legitimate tools to execute their attacks. Instead of reporting on discovered vulnerabilities, the user exploits them to gain unauthorized access.

"Over the course of the investigation, a staggering amount of threat intelligence was shared," said a Europol spokesperson. "This included over 730 pieces of intelligence containing nearly 1.2 million indicators of compromise."

For example, the coalition identified 690 IP addresses in 27 countries as well as a series of domain names they believed were operated by cybercriminals.

Europol noted that they have a Malware Information Sharing Platform in place to allow the private sector to share real-time threat intelligence with their agents.

The takedown of these servers disrupts ongoing cybercrime operations and makes it more difficult for criminals to launch new attacks. However, Europol emphasizes that the fight is far from over and Kevin Robertson, COO at Acumen Cyber, agrees.

“This is a big win for law enforcement, but it won’t completely take Cobalt Strike out of the hands of threat actors. With older and malicious versions of the software still available on the internet, criminals have plenty of opportunity to continue using the tool for malicious purposes,” he said.

Still, it’s great to see this kind of collaboration which is the key to combating cybercrime. It will help eliminate the border problem that protects cybercriminals from facing justice.


bottom of page