Trickbot Botnet Response Highlights Partnerships Preventing U.S. Election Interference

Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.

The United States Cyber Command (USCYBERCOM) recently conducted a coordinated operation aimed at disrupting the largest international botnet, operating under the Trickbot moniker. 


With an estimated million or more hijacked computers infected with the botnet’s malware, Trickbot is reportedly being commanded and controlled by a Russian criminal organization, which appears intent on deploying ransomware attacks and disrupting the 2020 U.S. presidential election. Coordination and collaboration between defense agencies and technology firms are expected to continue in the fight against malicious threat actors the world over.


USCYBERCOM and Microsoft target Trickbot


Krebs on Security was one of the first organizations to report that an unknown entity was responsible for repeatedly disrupting Trickbot’s network operations over the last few weeks. The entity managed to send a command to all zombie systems infected with the Trickbot malware to disconnect themselves from the criminal organization’s command and control servers.


In addition to this disruption, the entity had managed to flood the Trickbot database with millions of false records designed to ultimately confound the botnet’s operators. As it turns out, several sources told The Washington Post that the previously “unknown entity” disrupting the botnet was actually a coordinated joint operation between USCYBERCOM, a branch of the Defense Department led by the director of the National Security Agency (NSA), and Microsoft.


While this operation resulted in the successful separation of a large number of victims’ systems from the Trickbot network, the success has been short-lived. Despite losing access to a significant portion of their zombie systems, the botnet overlords are still in possession of a great deal of stolen sensitive vic ..
