A week ago, Microsoft announced it is working with various Companies security and telecommunications agency to take down the Trickbot botnet following a court order issued in the US.
The company said that this botnet is quite advanced and that it uses a malware model as a service to infect IoT systems and devices with ransomware.
The identities of Trickbot's operators are currently unknown, and Microsoft has said it has been used for individual criminal enterprises as well as government targets, making it even more dangerous for presidential candidates. elections of the United States.
Today, the company provided more details for what he has done so far for the Trickbot network but also what he intends to do next.
Microsoft says it has halted 18% of Trickbot critical business infrastructure in just a few days since Oct. 94. Of the 69 major Trickbot servers detected, 62 have crashed and botnet administrators are trying to add new infrastructure. Microsoft said it had managed to add 59 new servers but the company immediately shut them down, bringing the number of servers down to 120 from 128.
The company from Redmond states that this is an active operation and is a laborious process with managers from the opposing side who do not stop insisting. So these elements will change regularly in the next period. However, the company states that:
First of all, after securing the court order that allowed it to disable Trickbot's core infrastructure, it will continue to do so until Election Day on November 3rd. It works with global companies and hosting providers to reveal new command servers and control as well as compromised IoT devices.
Then Microsoft noticed that people using Trickbot were trying to build new infrastructure and collaborate with other criminals. The movement is not nearly as dangerous as the natives possibilities of Trickbot, but it's still something to keep an eye on.
Finally, Microsoft says its team is well-trained and highly trained in Trickbot infrastructure and can detect malicious activity. The team speaks directly to local ISPs, telecommunications companies and global partners who monitor and share information about Trickbot 24/7 activities.