Trickbot back from the dead

13 July 2021

Rumours of its death have been greatly exaggerated

A notorious group of Russian cyber criminals whose operations were reported to have been dismantled last year seems to be back in business.

"Trickbot", which is the name of the malware that they're responsible for creating and distributing, has built up its infrastructure and seems to be preparing for a new campaign.

The group, which has been connected to ransomware attacks and widespread theft of financial information, is an outgrowth of an older, Russia-based cybercrime group called "Dyre".

Dyre was initially broken up by Russian authorities back in 2015, but the remaining members regrouped, creating new malware tools and working to employ them in even more expansive criminal enterprises.

Trickbot, which today operates out of Eastern Europe and has cells in Russia, Ukraine, Belarus, and other countries, ran one of the world's largest botnets, which it used to launch ransomware attacks throughout the world.

In autumn the Pentagon's Cyber Command did its best to debilitate Trickbot before the 2020 presidential election. CYBERCOM launched a series of "coordinated attacks" against Trickbot's servers, ultimately succeeding in disrupting its operations.

At the time, anonymous sources told the Washington Post that the action was "not expected to permanently dismantle the network". Microsoft also had a crack at it by tracking and analyzing the servers that were involved in operating the botnet, subsequently obtaining a court order that allowed it to disable the IP addresses connected to those servers.

Microsoft's operation involved working together with ISPs to reportedly go "door to door" in Latin America, where they helped to replace routers that had been compromised by the criminal group.

Few of the culprits behind the malware's distribution were ever tracked down or faced charges.

Security firm Fortinet claims the group has allegedly helped create a new strain of ransomware, dubbed "Diavol". BitDefender has also found that the group has rebuilt its infrastructure and has recently been seen gearing up for new attacks and malicious activity, with the firm ultimately noting that "Trickbot shows no sign of slowing down".

Last modified on 13 July 2021