Wednesday, October 27, 2021

Detecting Cobalt Strike: Government-Sponsored Threat Groups

During a focused investigation into malicious use of the legitimate Cobalt Strike penetration testing tool, Secureworks® Counter Threat Unit™ (CTU) researchers explored how government-sponsored threat groups leverage it during intrusions. These groups use various tactics to operate with stealth.

Secureworks incident responders observed the TIN WOODLAWN cyberespionage group using a modified version of Cobalt Strike to evade countermeasures that rely on the default configuration for detection. CT…
