During the investigation, Microsoft identified Trickbot’s operational details, including the infrastructure used to communicate with and control victim computers and the mechanisms used to evade detection.
Microsoft and its partners executed a legal strategy
Burt said Microsoft’s Digital Crimes Unit (DCU) led the investigation and partnered with an international group of telecommunication providers to disrupt the Trickbot operation.
Its partners include FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec, a division of Broadcom. Microsoft’s Defender team was also involved in the effort.
The United States District Court for the Eastern District of Virginia granted their request for a court order to stop this dangerous hacking operation.
Microsoft and its partners obtained the authority to “disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers.”