We need to talk about criminal hackers using Cobalt Strike, says Cisco Talos

Penetration testing tool Cobalt Strike is increasingly being used by black hats in non-simulated attacks as traces show up in scenarios from ransomware infections to state-backed APT threats, says Cisco Talos.


The paid-for tool, created by Raphael Mudge and sold to HelpSystems in March, began its existence as a legitimate item, billed as "software for adversary simulations and red team operations." It sells for $3,500 per seat, at list price.


"Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer's network," the marketing copy boasts. Oddly enough, those qualities make it attractive to criminals too – and now Cisco Talos wants to draw more attention to that.


Claiming that the tool "accounted for 66 per cent of all ransomware attacks Cisco Talos Incident Response responded to th ..
