TrickBot operators have taken their infrastructure offline. It appears the group may be undergoing management changes, as no new activity has been observed since the start of the year.

What’s happening?

TrickBot is an old malware family, and no major update has been introduced to it for a long time.
  • According to Intel471, activity of the malware, which operated as crimeware-as-a-service targeting Windows systems, has been declining since last year.
  • Researchers have observed an unusual absence of new builds. The last build was seen on 28 December 2021, with the gtag top166.
  • In addition, the malware configuration file (mcconf) has not undergone any changes. This configuration file holds the list of controller addresses the bot can connect to.

According to reports, the malware has become highly detectable by almost all security products. Whether its operators will give up, however, remains an open question.

It has Emotet’s shoulder to lean on

According to experts, the decline in the volume of TrickBot campaigns coincides with its operators working with the Emotet malware.
  • Emotet saw a resurgence late last year after a ten-month break that followed law enforcement efforts to stop it.
  • Moreover, Intel experts observed a spike in cases of TrickBot spreading Qbot on compromised systems soon after Emotet's return in November 2021, raising the possibility of a migration to other platforms.

Meanwhile, many security experts think that the attackers behind TrickBot are actively shifting tactics and updating their defensive measures.

The Conti-TrickBot partnership is also a hint

According to another report by AdvIntel, the Conti ransomware group is believed to have hired several elite TrickBot developers, retired the malware, and moved on to other variants such as BazarBackdoor.

Conclusion

The takedown attempts by law enforcement have certainly made several groups alter their tactics, and TrickBot is no exception. Nor is it new for malware platforms to collaborate on big game hunting. Organizations must equip themselves with reliable threat intel solutions to stay ahead of the curve.
Cyware Publisher