![]() The value of early detection is highlighted by two similar incidents. GOLD LAGOON provides access to other threat groups that deploy various ransomware families in compromised environments. The threat actors then use Cobalt Strike to move laterally throughout the network, establish persistence, and ultimately facilitate damaging post-intrusion ransomware attacks. ![]() CTU™ researchers frequently observe GOLD LAGOON deploying Cobalt Strike to Qakbot-infected hosts that are identified as members of an Active Directory domain. For example, the financially motivated GOLD LAGOON threat group leverages the Qakbot botnet to deploy Cobalt Strike. ![]() Understanding a threat actor's end goal is important. This knowledge can help to secure organizations that may be targeted by threat actors with diverse motives. Secureworks® Counter Threat Unit™ (CTU) researchers conducted a focused investigation into malicious use of Cobalt Strike to gain insights about when and how the tool has been used. The robust use of Cobalt Strike lets threat actors perform intrusions with precision. Cobalt Strike is a commercially available and popular command and control (C2) framework used by the security community as well as a wide range of threat actors. Many cybercriminals that operate malware use the ubiquitous Cobalt Strike tool to drop multiple payloads after profiling a compromised network.
0 Comments
Leave a Reply. |