Special Report: Microsoft, Cybersecurity Organizations Worked Unknowlingly in Tandem with CyberCom to Disrupt Trickbot

Goal was to prevent election-related ransomware attacks by the Russian criminals; botnet disrupted but not permanently disabled

In a move designed to protect the upcoming election, Microsoft and a crew of cybersecurity companies and organizations have disrupted Trickbot, a Russian language hacking operation, through a coordinated action that, unbeknownst to the companies, occurred at the same time U.S. Cyber Command was also attempting the same feat. Microsoft’s executive who had been overseeing the team conducting the operation made it clear that the top concern was ransomware hitting major voting jurisdictions come election day.

If that were to happen, it “would be a huge story. It would churn on forever. And it would be a huge win for Russia. They would be toasting with vodka well into the next year,” Microsoft’s Tom Burt said. FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Broadcom's cyber-security division Symantec were also part of the operation. (David Sanger and Nicole Perlroth / New York Times)

As Brian Krebs points out, Microsoft accomplished its attack using a legal maneuver to gain control ove…