It’s not just the US government racing to disrupt the Trickbot botnet ahead of elections. Microsoft has revealed that it and multiple partners (including ESET, Lumen’s Black Lotus Labs, NTT, Symantec and FS-ISAC) have taken steps to disrupt Trickbot. The tech giant obtained a court order and used “technical action” to prevent the botnet from either starting new infections or activating any dormant ransomware.
The company’s court approval let it disable IP addresses for Trickbot’s command-and-control servers, suspend services to the operators, make server content inaccessible, and block the operators from buying or leasing more servers. On top of this, Microsoft even made copyright claims against Trickbot for reportedly making “malicious use” of the company’s code.
Microsoft was primarily concerned that Trickbot’s operators would use the botnet to disrupt the imminent US election through ransomware. Attackers could lock down systems maintaining voter rolls or reporting on election night results, the