
Image credit: athima tongloom via Getty Images

US Cyber Command disrupted the notorious Trickbot botnet

It was reportedly meant to keep elections secure.
Mariella Moon, @mariella_moon
October 10, 2020

The US Cyber Command, the Defense Department division in charge of its cyberspace operations, recently mounted an operation to disrupt one of the most massive and notorious botnets today. According to The Washington Post, CyberCom successfully (albeit temporarily) interrupted the Trickbot botnet’s operations at least a couple of times over the last few weeks. The botnet is composed of at least a million hijacked computers infected with the Trickbot malware and reportedly run by Russian-speaking criminals.

According to KrebsOnSecurity, which was the first to report on the disruptions, the entity that interrupted the botnet sent infected computers a command that disconnected them from the servers Trickbot’s operators used to control them. The entity also filled the Trickbot database with bogus records to confuse the operators. At the time, Krebs didn’t have information on who or what was responsible.

The Trickbot malware can be used to steal sensitive information, such as financial data and login credentials, and the botnet can be used to infect systems with ransomware. Just this September, the botnet was used against healthcare provider Universal Health Services in an attack that locked up its network with a ransomware called Ryuk.

The Post’s report suggests that CyberCom’s actions are part of its efforts to protect the 2020 Presidential Election against foreign interference. Gen. Paul Nakasone, head of CyberCom, told The Post in a statement back in August:

“Right now, my top priority is for a safe, secure, and legitimate 2020 election. The Department of Defense, and Cyber Command specifically, are supporting a broader ‘whole-of-government’ approach to secure our elections.”

That said, the group didn’t cause permanent harm to the botnet’s operations. Krebs says Trickbot operators have already started rebuilding the botnet. Hold Security’s Alex Holden also told the expert that “their ransomware operations are pretty much back in full swing” and that they’re even looking to demand more money from victims to recoup their losses.
