Microsoft Corporation (NASDAQ: MSFT) took action to help preserve and protect the integrity and security of the upcoming U.S. presidential elections by stopping a massive hacking operation called Trickbot.
The tech giant, in partnership with telecommunications providers worldwide, obtained and executed a court order and a technical action that disrupted Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware.
In a blog post, Microsoft’s Corporate Vice President for Customer Security and Trust, Tom Burt, said the cybercriminals behind Trickbot will no longer be able to initiate new infections or activate ransomware attacks because they already “cut off key infrastructure.”
“In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled,” according to Burt.
Microsoft found Trickbot to be “so dangerous”
Since 2016, Trickbot has infected over one million computing devices worldwide. Microsoft investigated approximately 61,000 samples of Trickbot malware and concluded that it was “so dangerous” because it infects not only end-user computers but also “Internet of Things” devices, including routers.
Burt noted that Trickbot “has modular capabilities that constantly evolve, infecting victims for the operators’ purposes through a ‘malware-as-a-service’ model. Its operators could provide their customers access to infected machines and offer them a delivery mechanism for many forms of malware, including ransomware.”
Microsoft has not identified the operators of Trickbot, but its investigation suggests that they “serve nation-states and criminal networks for a variety of reasons.”
According to Burt, “In addition to maintaining modular capabilities for a variety of end purposes, the operators have proven adept at changing techniques based on developments in society. Trickbot’s spam and spearphishing campaigns used to distribute malware have included topics such as Black Lives Matter and COVID-19, enticing people to click on malicious documents or links. Based on the data we see through Microsoft Office 365 Advanced Threat Detection, Trickbot has been the most prolific malware operation using COVID-19 themed lures.”
During the investigation, Microsoft identified Trickbot’s operational details including the infrastructure used to communicate with and control victim computers, and mechanisms to evade detection.
Microsoft and its partners executed a legal strategy
Burt said Microsoft’s Digital Crimes Unit (DCU) led the investigation and partnered with an international group of telecommunication providers to disrupt the Trickbot operation.
Its partners include FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec, a division of Broadcom. Microsoft’s Defender team was also involved in the effort.
The United States District Court for the Eastern District of Virginia granted their request for a court order to stop this dangerous hacking operation.
Microsoft and its partners obtained the authority to “disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers.”