Last week, Microsoft received and enforced a court order granted by the United States District Court for the Eastern District of Virginia to disrupt TrickBot operations.
TrickBot is malware that started as a banking Trojan designed to steal credentials. Over the years it evolved into one of the world's largest botnets, distributed as malware-as-a-service. TrickBot is delivered via email and, once inside a target network, deploys additional payloads, including the Ryuk ransomware.
After the US Government called for action and warned about this malware's attempt to disrupt the US 2020 elections, private and public entities started monitoring TrickBot's behavior more closely.
The Microsoft 365 Defender Threat Intelligence Team and its partners started gathering information to take down TrickBot's back-end infrastructure. They analyzed over 186,000 TrickBot samples, which led them to the command-and-control (C2) infrastructure and allowed them to identify its IP addresses.
"With this evidence, the court approved Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the TrickBot operators to purchase or lease additional servers," Microsoft said.
How long did it last?
Not too long! Despite Microsoft's efforts, the Swiss security project Feodo Tracker found 18 active servers still sending out malware via spam. Although TrickBot lost a significant number of zombie systems, its operators can still count on the information already stolen and on millions of other servers worldwide. TrickBot's operators brought another dozen servers online outside of the United States, in cities including Amsterdam, Berlin, and Moscow, Intel 471 found.