X-Industry

morpheus (2)

HellCat and Morpheus Ransomware

The previous six months have seen heightened activity regarding new and emerging ransomware operations. Across the tail end of 2024 and into 2025, researchers have seen the rise of groups such as FunkSec, Nitrogen,, and Termite. In addition, we have seen the return of Cl0p and a new version of LockBit (aka LockBit 4.0).

Within this period of accelerated activity, the Ransomware-as-a-Service offerings HellCat and Morpheus have gained additional momentum and notoriety. Operators behind HellCat, in

Operation Morpheus

International Joint Operation Takes Down Over 600 IP Addresses Abusing Cobalt Strike Tool - Hundreds of IP addresses abusing Cobalt Strike have been shut down in a joint effort involving law enforcement across several nations. Codenamed “Morpheus”, the joint operation resulted in flagging 690 IP addresses and domains used to infiltrate victim networks. So far, 593 of them have been taken offline.

The servers flagged in Operation Morpheus used old, unlicensed versions of Cobalt Strike, a popular

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Note: this page contains paid content.