Fortra doing a victory lap claiming they've cut illicit Cobalt Strike usage by 80% is one thing.

CTI analysts uncritically parroting this ridiculous claim is quite another. Cobalt Strike usage is down because EDRs got better at identifying it specifically. Fortra is AT BEST a minor contributor here.

@malwarejake is it even down? RecordedFuture saw a 65% increase in their data according to their latest Malicious Infrastructure Report, page 10

https://go.recordedfuture.com/hubfs/reports/cta-2025-0228.pdf