Fortra doing a victory lap claiming they've cut illicit Cobalt Strike usage by 80% is one thing.

CTI analysts uncritically parroting this ridiculous claim is quite another. Cobalt Strike usage is down because EDRs got better at identifying it specifically. Fortra is AT BEST a minor contributor here.

@malwarejake And Fortra also laid off a swathe of good people in recent weeks and are probably looking for good press right now.

@malwarejake There are usually waves of Cobalt Strike usage depending on some takedowns, obscure licensing issues for some TAs, a change of framework… and then they are often back at the same rate.

@malwarejake Is it even down? Recorded Future saw a 65% increase in their data according to their latest Malicious Infrastructure Report, page 10

https://go.recordedfuture.com/hubfs/reports/cta-2025-0228.pdf