Many cybercriminals who operate malware use the ubiquitous Cobalt Strike tool to drop multiple payloads after profiling a compromised network. Cobalt Strike is a popular, commercially available command and control (C2) framework used by the security community as well as a wide range of threat actors. The robust use of Cobalt Strike lets threat actors perform intrusions with precision.
Secureworks® Counter Threat Unit™ (CTU) researchers conducted a focused investigation into malicious use of Cobalt Strike to gain insights about when and how the tool has been used. This knowledge can help to secure organizations that may be targeted by threat actors with diverse motives.