Operation Morpheus dismantles Cobalt Strike servers

A Europol coordinated operation with different security agencies in different countries inside and outside the European Union has succeeded in dismantling a significant part of the Cobalt Strike server network, taking down 593 servers.

The operation began in the UK in 2021, dubbed Operation Morpheus, and ended in the last week of June, ending three years of investigation in a single week. This operation has involved the cooperation of several countries from different parts of the world such as Australia, Canada, Germany, the Netherlands, Poland, the United Kingdom and the United States, which participated in the investigation, and Bulgaria, Estonia, Finland, Lithuania, Japan and South Korea, which participated in the disruption operations.

These servers were used in ransomware and cyberespionage campaigns by criminals and actors related to different countries, including Russia, China, North Korea and Iran, among others, as reported by different security agencies such as the FBI, or companies such as Microsoft.