Microsoft leads the attack on the TrickBot botnet

A task force made up of experts from organizations such as Microsoft's Defender team, FS-ISAC (Financial Services Information Sharing and Analysis Center), ESET, Black Lotus Labs, NTT, and Symantec worked with the aim of dismantling the TrickBot botnet and the infrastructure dedicated to its management. An effort that went through months of investigations and the analysis of over 125,000 malware distributed, infecting a total of computers believed to be over a million. Devices related to the Internet of Things are also interested.

TrickBot: operation coordinated by Microsoft

The United States District Court for the Eastern District of Virginia recognized the Redmond group authorization necessary to interface with ISPs and CERT (Computer Emergency Readiness Team) units to shut down the botnet and start a communication campaign aimed at alerting victims of the risk. A real takedown operation.

With this evidence, the court granted Microsoft and its partners approval to disable IP addresses, to make content inaccessible and to take C&C servers offline, suspending all the services of the operators involved in the botnet, blocking any attempt to buy or rent additional servers.

The history of TrickBot has its roots in 2016 with the first sightings of a banking trojan. It was later transformed into a malware downloader capable of infecting affected systems by providing access to cybercriminals, thus creating a model known as MaaS (Malware-as-a-Service).

It is considered by experts to be one of the most serious cyber threats among those in circulation, together with Emotet, a vehicle through which ransomware campaigns by gangs known as Ryuk and Conti have been implemented. We'll see if the takedown attempt will be successful or not.

This is the second botnet targeted by Microsoft and its partners in 2020: in March it was Necurs' turn with an operation of the all similar.

Source: Microsoft