Cobalt Strike servers hit by DDoS attacks carrying anti-Russian messages


Cobalt Strike servers owned by the defunct Conti ransomware group were flooded with anti-Russian messages, resulting in a DDoS attack, in which servers are flooded with fake traffic, leading to denial of service for legitimate traffic.

Cobalt Strike is a penetration testing tool that allows threat actors to deploy a beacon agent into the victim network, which then provides a wealth of functionality such as ransomware deployment, malware deployment, keylogging, file transfer, command execution, privilege escalation, port scanning, OS scanning and Mimikatz.

Coming back to the main topic: from May this year, Conti members left the group for fear of being tracked by law enforcement and joined groups spreading Hive, BlackCat and Quantum ransomware.

Security researchers from Advanced Intelligence have discovered that the Cobalt Strike servers are now being flooded with messages against the Russian leader Vladimir Putin every two seconds. That means the servers are being overloaded, leading to disruption.

It is unclear why the servers are being hit by messages against Putin. However, some media sources claim that the activity might be the work of the Anonymous hacking group, which has been digitally working against the Kremlin since the beginning of the war between Moscow and Ukraine.

NOTE: According to experts from Group-IB, the Chinese Winnti hacking group is also using Cobalt Strike to compromise networks in Australia, Russia, Singapore, Malaysia, India, Taiwan, the United States and some software vendor networks in China.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
