Europol disrupts about 600 abusive Cobalt Strike servers




Since September 2021, Europol’s European Cybercrime Centre (EC3) assisted the operation with analytical and forensic support and enabled information exchange among all partners. Additionally, law enforcement operated a “malware information sharing platform,” inviting private partners to add real-time threat intelligence to the effort.

“Over the span of the whole investigation, over 730 pieces of threat intelligence were shared containing almost 1.2 million indicators of compromise,” Europol added. “The disruption does not end here. Law enforcement will continue to monitor and carry out similar actions as long as criminals keep abusing older versions of the tool.”

Frequently abused pen-tester

The commercial pen-testing tool, originally designed for red teaming and adversary simulations, has been abused by cybercriminals from time to time to carry out attacks or to package challenging malware. The biggest of these abuses was the SolarWinds supply chain attack reported in December 2020, in which attackers dropped a customized Cobalt Strike Beacon through legitimate Orion platform updates.


