Microsoft and a team of companies and law enforcement groups have disabled — at least temporarily — one of the world’s largest hacking operations, an effort run by Russian-speaking cybercriminals that officials feared could disrupt the presidential election in three weeks.
But as soon as Microsoft began dismantling the operations last week, seeking to cripple a network of infected computers known as TrickBot that has been used to paralyze computer systems with ransomware attacks, it discovered that someone else was trying to do the same thing.
To continue reading this New York Times report, go to:
Microsoft seeks to disrupt Russian criminal botnet it fears could seek to sow confusion in the presidential election
Microsoft has taken legal steps to dismantle one of the world’s largest botnets, an effort it says is aimed at thwarting criminal hackers who might seek to snarl state and local computer systems used to maintain voter rolls or report on election results.
The company obtained an order from a federal judge in the Eastern District of Virginia last week that gave Microsoft control of the Trickbot botnet, a global network it describes as the largest in the world. The company wants to disrupt hackers’ ability to operate with the election barely three weeks away.
Microsoft attempts takedown of global criminal botnet
Microsoft announced legal action Monday seeking to disrupt a major cybercrime digital network that uses more than 1 million zombie computers to loot bank accounts and spread ransomware, which experts consider a major threat to the U.S. presidential election.
The operation to knock offline command-and-control servers for a global botnet that uses an infrastructure known as Trickbot to infect computers with malware was initiated with an order that Microsoft obtained in Virginia federal court on Oct. 6. Microsoft argued that the crime network is abusing its trademark.
Microsoft takes down massive hacking operation that could have affected the election
Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue.
The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.
Microsoft Uses Trademark Law to Disrupt Trickbot Botnet
Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.
“We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world,” wrote Tom Burt, corporate vice president of customer security and trust at Microsoft, in a blog post this morning about the legal maneuver. “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
New action to combat ransomware ahead of U.S. elections
Today we took action to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware.
As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust.
We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world. We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.
In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled.