Ten days ago, Microsoft proudly announced that they managed to severely disrupt the Trickbot botnet operations in the United States, which threatened the upcoming Presidential Elections in the country. That effort required substantial collaborative action from other firms like ESET and Symantec, as well as law enforcement authorities, the FBI, and internet service and hosting providers.
Still, Trickbot was far from dead, as it retained control points in another twenty countries, so the risk of seeing it re-emerge in the United States was real.
Microsoft has returned with an update on this matter, announcing that they took apart 94% of Trickbot’s critical operational infrastructure located around the globe, so they crippled the botnet for good this time.
In numbers, Microsoft initially disabled 62 out of the total 69 servers that were at the core of Trickbot’s operations. The hackers quickly set up 59 new servers, which were immediately identified by Microsoft and taken down before they could be added to the operational infrastructure.
The firm’s security experts continue their effort to tackle the threat, as Trickbot is not giving up. Its operators are already scrambling to find alternative ways to stay active and reach out to infected IoT devices, but it’s not easy when you’re being tracked so closely.
Characteristically, it took Microsoft only a couple of hours before they were able to identify new Trickbot servers. In one case, Microsoft coordinated with a hosting provider to take down a new server in less than six minutes.
For sure, Trickbot will keep on trying, and the security community will continue to attempt to keep things under control. That is at least until the elections are over or until the notorious botnet operators are arrested. This last part belongs to the FBI, but it is unknown how close the agency is to identifying the actors, who have remained locked in their crosshairs since at least 2018.