Europol has blocked around 600 IP addresses in the fight against Cobalt Strike cybercrime

Europol has blocked around 600 IP addresses in the fight against Cobalt Strike cybercrime
Europol has blocked around 600 IP addresses in the fight against Cobalt Strike cybercrime

Europol has taken down around 600 IP addresses as part of a joint effort to combat the misuse of the Cobalt Strike security tool by cybercriminals. The operation, dubbed Operation MORPHEUS, ran from 24 to 28 June and targeted outdated and unauthorised versions of the tool commonly used in criminal activities.

“Throughout the week, law enforcement agencies flagged known IP addresses associated with criminal activities, along with a number of domain names used by criminal groups, for online service providers to disable unlicensed versions of the tool. A total of 690 IP addresses were linked to online service providers in 27 countries. By the end of the week, 593 of these addresses were terminated,” Europol said in a statement.

Operation MORPHEUS was led primarily by the UK’s National Crime Agency (NCA) and involved significant contributions from authorities in Australia, Canada, Germany, the Netherlands, Poland and the United States. Europol’s European Cybercrime Centre (EC3) has also played a role in coordinating international efforts and liaising with private sector partners.

Paul Foster, director of threat management at the NCA, said that although Cobalt Strike is legitimate software, cybercriminals are using it for “nefarious purposes”.

He added: “Their hacks help lower the barrier to entry for cybercrime, allowing online criminals to launch malware and malware attacks with little to no technical expertise. These attacks can cost businesses millions of dollars in losses and recoveries.”

“I urge any company that has been the victim of cybercrime to report such incidents to the authorities.”

What is cobalt attack?

Cobalt Strike, developed by Fortra, is a legitimate and widely used cybersecurity tool designed to help IT security professionals perform attack simulations to detect vulnerabilities. However, when in the hands of cybercriminals, it can be used maliciously. Reports suggest that cracked copies of older versions such as Ryuk, Trickbot, and Conti have been used in several malware and ransomware cases.

To counter this threat, Fortra has partnered with law enforcement agencies to protect legitimate uses of its software. “Fortra has taken significant steps to prevent misuse of its software and has cooperated with law enforcement authorities throughout this investigation to protect legitimate use of its tools,” Europol said.

The operation was reportedly successful thanks to the cooperation of private sector partners such as BAE Systems Digital Intelligence, Trellix, Spamhaus,, and The Shadowserver Foundation. The partners provided scanning, telemetry, and analysis tools to detect and prevent malicious use of Cobalt Strike.

Europol’s EC3 has supported the project since its launch in September 2021, providing analytical and forensic support. The Malware Sharing Platform was also widely used, with over 730 pieces of threat intelligence containing approximately 1.2 million indicators of compromise.

This coordinated effort is part of a broader strategy enabled by the revised Europol Regulation, which strengthens its capacity to support EU Member States by developing cooperation with the private sector. This strategic approach has significantly increased the resilience of the European digital ecosystem in the face of cyber threats.

Cover image: Ideogram

For Latest Updates Follow us on Google News


PREV The Osuna University School now has an Active Physical Exercise Unit
NEXT Isabel Gemio sentences Alvaro Muñoz Escassi after his breakup with Maria Jose Suarez with a devastating sentence