Microsoft disables most of cybercriminals' control over massive computer network | Inquirer
 
 
 
 
 
 

Microsoft disables most of cybercriminals’ control over massive computer network

10:37 AM October 21, 2020

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration/File Photo

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration/File Photo

SAN FRANCISCO — Microsoft Corp <MSFT.O> said on Tuesday it had disabled more than 90% of the machines used by a gang of Russian-speaking cyber criminals to control a massive network of computers with a potential to disrupt the U.S. election.

Aided by a series of U.S. court orders and relationships with technology providers in other countries, Microsoft said it its weeklong campaign against the gang running the Trickbot network was heading off a possible source of disruption to the Nov. 3 U.S. vote.

“We’ve taken down most of their infrastructure,” corporate Vice President Tom Burt said in an interview. “Their ability to go and infect targets has been significantly reduced.”

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

The criminals in charge of Trickbot have infected more than 1 million personal computers, including many inside local governments, according to cybersecurity professionals. They then make deals with other gangs to install ransomware and other malicious programs on the infected machines, security professionals say.

Although there is no evidence that the gang has worked with foreign governments, Burt said he wanted to disrupt Trickbot before the election in case Russian agencies attempted to use it to interfere with voting or cast doubt on the results by manipulating data.

Some security experts who had seen little impact from Microsoft’s initial efforts to combat Trickbot said this week that new control servers being brought online by the gang were getting cut off, making it harder for the group to install new programs on infected computers.

ADVERTISEMENT

“Disruption operations against Trickbot are currently global in nature and have had success against Trickbot infrastructure,” said Intel 471 Chief Executive Mark Arena. “Regardless, there still is a small number of working controllers based in Brazil, Colombia, Indonesia and Kyrgyzstan that still are able to respond.”

The Trickbot gang is now asking other malware groups to install its software, Arena and others said, and it is expected to rebuild its infrastructure in other ways.

Burt said such efforts to adapt would at least distract the gang from bringing chaos to voting or other local government activity if it had been so inclined.

Want stories like this delivered straight to your inbox? Stay informed. Stay ahead. Subscribe to InqMORNING

Don't miss out on the latest news and information.
TAGS: computer network, cybercriminals, digital technology, Microsoft
For feedback, complaints, or inquiries, contact us.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.




This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.