Cobalt Strike use in malicious operations was largely associated with well-resourced threat actors, including large cybercrime operators like TA3546(also known as FIN7), advanced persistent threat (APT) groups such as TA423 (known as Leviathan or APT40).