Trickbot malware has been wreaking havoc around the world for quite some time now. Thanks to the efforts of multiple security agencies and companies, including Microsoft, the group's activities were significantly curtailed last year to safeguard the U.S. Presidential Elections. Now, however, it appears that the operation is back up and running.
Previously, the Trickbot botnet was responsible for compromising close to 250M accounts by disabling Windows Defender and stealing cookies. It was even able to steal Windows Active Directory credentials and infect Linux devices. The groups behind this malware generally operate from Russia, Belarus, Ukraine, and Suriname. The resurgence comes less than a month after Joe Biden pressed Vladimir Putin to stop providing a haven to hacker groups.
The resurgence was first reported by The Daily Beast in an article quoting various security experts: “There are signs the hacking gang is working behind the scenes, quietly updating its malware to monitor victims and gather intelligence.” They further added, “In recent weeks, the hackers have been updating a specific part of their operations, namely a tool that helps them remotely control victims’ computers called a VNC module, as found by Bitdefender.”
Microsoft’s attempts to take down Trickbot
Trickbot has been responsible for multiple ransomware attacks on hospitals, schools, and governments. The resurgence comes despite Microsoft’s efforts to go door-to-door in Brazil and Latin America replacing routers compromised by the Trickbot malware.
Through this campaign, Microsoft effectively eliminated 94% of Trickbot’s critical operational infrastructure, including command-and-control servers and newly provisioned infrastructure. However, repeating the exercise would be costly, and it would not be a permanent solution either.
Efforts to take down the group have been under way worldwide, with Microsoft successfully dismantling Trickbot infrastructure in Afghanistan. Eliminating it completely will be hard, though, especially from a geopolitical standpoint, given that some jurisdictions still harbor cybercriminals and give them a haven.