Cobalt Strike, an advanced tool intended for use by security researchers, is a well-known paid toolkit that cybercriminals also exploit in the post-intrusion stage of their attacks. Cisco Talos recently published a new research paper on the exploitation of the tool, along with the latest detection signatures to stop its misuse by threat actors.
Hackers affiliated with the Chinese Ministry of State Security recently attacked US government agencies and private companies. The hackers used many tools to spread laterally throughout the network. Cobalt Strike was also used cleverly in these attacks.
Last month, an APT referred to as Skeleton launched a series of attacks in 2018 and 2019, supported by various tools including Cobalt Strike, that targeted chip vendors based in Taiwan.