10/18/2023

Ransomwhere tool

"After we execute the temporary restraining order today, we are going to seek a permanent injunction because we believe this activity will continue by the cybercriminals. " allows us to keep doing it," Hogan-Burney added.

But Friday's court order also allows Microsoft, Fortra and the H-ISAC to carry out future takedowns as criminals develop new infrastructure. Microsoft and Fortra obtained a temporary restraining order against those violating the copyright of their programs to permit quicker shutdown of malicious versions of the software. And although Friday's legal action will not stop cybercriminals from exploiting the cracked software outright, Hogan-Burney calls it an important first step. Microsoft has already begun digging into hacking tools it believes cybercriminals will switch to after the Cobalt Strike crackdown, according to Hogan-Burney.

"Some of the legal claims are similar to actions we've done in the past, but the scope is much bigger than what we've done," said Hogan-Burney.

Microsoft has previously tapped civil orders to seize domains and IP addresses associated with specific malware, but Friday's court order marks the first time the tech leader has sought to take down a malicious hacking tool on this scale. Spearheaded by Microsoft's 35-person Digital Crime Unit, researchers began devising the legal strategy more than one year ago in conjunction with Fortra and H-ISAC.

We'll work with others around the world to help remediate those victims," said Amy Hogan-Burney, general manager and associate general counsel for cybersecurity policy and protection at Microsoft.

Friday's legal move marks rare action by a tech leader to target malicious hackers' tools and tactics with a court-authorized order.

"We are also going to do what we call 'sinkholing,' which means redirecting those domains to Microsoft so that we can identify any victims.

"In addition to financially motivated cybercriminals, we have observed threat actors acting in the interests of foreign governments, including from Russia, China, Vietnam and Iran, using cracked copies."

"While the exact identities of those conducting the criminal operations are currently unknown, we have detected malicious infrastructure across the globe, including in China, the United States and Russia," Microsoft stated in their announcement.

Older, illegal copies of the Cobalt Strike software - often referred to as "cracked" versions - have been abused by criminals in a series of high-profile attacks, including those waged against the government of Costa Rica and the Irish Health Service Executive, according to Microsoft.

At least two infamous Russian-speaking ransomware gangs - Conti and LockBit - are listed among the 16 defendants, according to a court order obtained by CBS News.