AI accelerates development of ransomware toolkit with EDR evasion capabilities
The toolkit, discovered by Sophos, includes features such as Cobalt Strike profiles to disguise beacon traffic, a Telegram bot API for command and control, P...
Cobalt Strike
C2 Framework
Commercial penetration testing tool widely abused by threat actors as a C2 framework for lateral movement and post-exploitation.
Also known as: cobalt strike, cobaltstrike, beacon
AI Intelligence Brief cached
Related YARA Rules View all on YARA Rules page →
90-Day Activity
Last 90 Days (9)
Last 90 Days
All Time
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-a...
The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs
Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. M...
Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike
The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.
Malicious PDF LNK Files Deploy Cobalt Strike in Operation Dragon Whistle
A newly uncovered cyber campaign dubbed “Operation Dragon Whistle” is targeting China’s education sector with highly tailored spear-phishing attacks that dep...
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as...
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwrite...
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active s...
2025 Year in Review: Malicious, Infrastructure
Explore Insikt Group’s 2025 Malicious Infrastructure Report. Gain insights into Cobalt Strike, Vidar infostealers, and AI-driven threats to secure your 2026 ...