Dastardly Trickbot Botnet Has Nearly Been Defeated By Microsoft And Its Security Partners

The Trickbot botnet is under the gun in a significant way. Microsoft and the U.S. Military Cyber Command have both been targeting Trickbot this year in hopes of taking it down. Microsoft claims that “As of October 18, [they’ve] worked with partners around the world to eliminate 94% of Trickbot’s critical operational infrastructure.”

A couple of weeks ago, U.S. Military Cyber Command was able to attack Trickbot’s servers. Microsoft, on the other hand, reports they were able to disable them entirely. Microsoft identified 69 servers used for Trickbot and was able to disable 62 for command-and-control. The seven other servers were "internet of things" (IoT) devices that form part of the infrastructure. Microsoft is currently working to take these down.
Global Trickbot Servers

Since the initial 62 servers were disabled, the criminals behind Trickbot “scrambled to replace the infrastructure [Microsoft] initially disabled.” Microsoft was able to identify 59 new servers that the operators attempted to add to the Trickbot network. All but one of these were disabled, bringing the total to 120 servers taken down out of 128.

Tom Burt, corporate VP of Customer Security & Trust at Microsoft, writes that “this work has always been about disrupting Trickbot’s operations during peak election activity – doing what we can to take action at a critical time – and we’re encouraged by what we’re seeing.” No matter what, Microsoft is expecting this to be a constant and fluctuating battle. Trickbot will always be “looking for ways to stay operational,” while Microsoft continues to knock them back. If you want to read about Microsoft's Defending Democracy Program, you can do so on their site.