The software is used for adversary simulations and so-called red team operations, both being security assessments that can simulate what an experienced attacker can do in a network.
Cobalt strike source leaked. The license check is commented out pic.twitter.com/DOjqdIDhVq — Amit Serper (@0xAmit) November 11, 2020
Malicious attackers have long used it, as have legitimate security professionals, because of its quality. The only drawback is the licence fee, which is US$3500 per user a year and US$2500 for a renewal.
The source code was decompiled before it was posted on GitHub, and the licence check code has been edited out.
"This is unlikely to have any short-term consequence regarding criminal usage of Cobalt Strike as they are simply using stolen copies to begin with.
The availability of the re-compiled (decompiled JAR) #CobaltStrike code into the workable tool with the commented out "license check" presents new opportunities for cybercriminals groups, unfortunately. — Vitali Kremez (@VK_Intel)
It also presents new opportunities for defenders to examine the code.
"Where the risk lies is in the ability to update such a powerful tool with newly discovered vulnerabilities accelerating their adoption in the criminal community.
"Only time will tell if this has an impact, but I suspect it will be business as usual for criminals for now. This is, however, even more reason for organisations to ensure they are patching their systems as quickly as possible."