What is a Cobalt Strike

CyberSecurity

Cobalt Strike is a commercial 202503211620 - Penetration Testing tool that has become increasingly popular among cybercriminals and 202503211621 - Ransomware groups[2][4]. It provides a range of capabilities for post-exploitation activities, including:

• Beacon payload for remote access and control[2]
• Malleable C2 module for customizing payloads to evade detection[2]
• Web Drive-By module for conducting drive-by attacks[2]

Numerous malicious campaigns and ransomware groups have utilized Cobalt Strike:

• APT29 used it to attack the U.S. energy sector in 2018[2]
• Lazarus group employed it against financial institutions in 2019[2]
• Trickbot operators used it to deploy the Anchor backdoor and RYUK ransomware[2]
• LockBit ransomware leveraged it to evade security controls[2]