A group of tech companies formed together a coalition to make a coordinated effort to break the back-end infrastructure of the TrickBot malware botnet.
Some of these tech companies included organizations from Microsoft's Defender, ESET, Broadcom's Cybersecurity Division Symantec, FS-ISAC, Lumen's Black Lotus Lab, and NTT. To hit the infrastructure and malware modules.
This coalition has been spending months collecting over 100,000 TrickBot malware samples to analyze the content inside, extracting it, and sniffing through information about the Malware workings as well the servers the botnet used to control infected computers. After all the information is gathered Microsoft went to court and asked before a Judge to be granted control over the malware Trickbot servers.
The Judge approved and allowed Microsoft and the other organizations to disable the IP addresses, make the command and control servers inaccessible, disable all services to the botnet operators, and made sure any TrickBot member was unable to buy another server.
TrickBot has had over a million infected systems. Being the second biggest botnet since it started in 2016 from humble beginnings as a banking trojan then turn into a business model for Malware as a Service (MaaS)
Yet even being a successful takedown TrickBot was able to be brought back online. Activity picked back up after it's temporarily shut down. This is not the first for a Botnet to be taken down only to be put back online.
Even with it being brought back up it does setback the malware operations quite a bit. It adds costs for them to get back their infrastructure and of course the botnet being offline. It could also play another role in damaging the reputation in the cybercrime world by showing that the botnet is not safe from the coalition. Making it where customers show that it's not as worth all the fees they pay.
Another positive showed that with Microsoft's legal team. The approval of the Judge to show that TrickBot was violating against Terms of Service (ToS) and allowed Microsoft to use full force against the botnet which may prove valuable for future takedowns on other botnets.
