During a focused investigation into malicious use of the legitimate Cobalt Strike penetration testing tool, Secureworks® Counter Threat Unit™ (CTU) researchers explored how government-sponsored threat groups leverage it during intrusions. These groups use various tactics to operate with stealth.
Secureworks incident responders observed the TIN WOODLAWN cyberespionage group using a modified version of Cobalt Strike to evade countermeasures that rely on the default configuration for detection. CT…