CyberCom Disrupted Trickbot Botnet Ahead of Elections and Amid Growing Ransomware Attacks
But the gang behind the malware still appears to be up to its old tricks...

Through Cyber Command (CyberCom), the U.S. government has mounted an operation to disrupt the Trickbot botnet, the world’s largest botnet, which is run by Russian-speaking criminals who have hijacked millions of computers to engage in malfeasance, including ransomware attacks, according to officials who spoke to the Washington Post’s Ellen Nakashima. The operation isn’t expected to scuttle Trickbot permanently but is part of what the head of Cyber Command, Paul Nakasone, calls “persistent engagement” to force adversaries to engage constantly.
Cybersecurity journalist Brian Krebs first reported on the Trickbot operation last week without identifying Cyber Command as the disruptor. Citing research conducted by cyber intelligence firm Intel 471, Krebs noted that someone was messing around with the botnet, launching two attacks against Trickbot and pushing new configuration files that told the infected hosts their new malware control server had the address 127.0.0.1, which is a “local…