The infrastructure of the notorious Trickbot malware family has been taken down in a coordinated operation by Microsoft, Symantec, ESET and Lumen's Black Lotus Labs.
The Trickbot botnet was first uncovered in 2016; since then the operators behind it have attacked private companies and government organisations around the globe to steal sensitive data.
Trickbot later became available as Malware-as-a-Service and has been used for a range of operations, including stealing credentials, exfiltrating data, and deploying additional payloads, most notably the Ryuk ransomware.
The action is intended to ensure that the Trickbot operators can no longer use this infrastructure to distribute the malware or to deploy follow-on payloads such as ransomware and spyware.
Trickbot was mainly delivered through spam and phishing email campaigns carrying a malicious attachment or link that tricks the recipient into opening it. Once a machine is infected, the operators also deploy post-exploitation frameworks such as PowerShell Empire, Metasploit, and Cobalt Strike for reconnaissance and further activity inside the network.
United States District Court Order
The Trickbot infrastructure was taken down after a U.S. district court issued an order obtained through a lawsuit filed by Microsoft and the Financial Services Information Sharing and Analysis Center (FS-ISAC) against Trickbot's anonymous operators.
According to Microsoft's report: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
During the investigation, Microsoft identified details of the Trickbot operation, including the infrastructure the actors use to communicate with and control victim computers, the way infected computers talk to each other, Trickbot's mechanisms for evading detection, and its defenses against attempts to disrupt its operation.
Microsoft also identified the IP addresses of the command and control servers used in the Trickbot operation, and the court issued an order permitting those IP addresses to be disabled.
“The court approved Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers.”