TEXXR

Chronicles

The story behind the story

Microsoft, Symantec, ESET, and other tech companies orchestrated an attempt to take down the TrickBot malware botnet, which had infected 1M+ computers

FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team participated in the takedown.

ZDNet Catalin Cimpanu

Discussion

  • @cnnbrk @cnnbrk on x
    Microsoft says it has taken down the servers behind Trickbot, an enormous malware network that it says could have indirectly affected election infrastructure https://www.cnn.com/...
  • @itsreallynick Nick Carr on x
    Two-part approach: • court order • technical action with ISPs Result: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.” https://blogs.microsoft.com/ …
  • @cmmorris84 Christopher Morris on x
    Hopefully we see more of this happening. Might not be able to charge the actual people behind the keyboard, but sure as hell can dismantle or confiscate ‘infrastructure’ used to commit illegal acts. MaaS is a major disruption similar to nautical piracy and needs to be dealt with.…
  • @sixdub Justin Warner on x
    Shoutout to all of those who might be behind the scenes involved with this! There will be different opinions on what the “right” course of action is, but I applaud collaboration of intelligence/research ending in disruption. (1/2) https://www.washingtonpost.com/ ...
  • @shah_sheikh Shah Sheikh on x
    Microsoft and other tech companies orchestrate takedown of TrickBot botnet: FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team participated in the takedown. https://www.zdnet.com/... https://twitter.com/...
  • @campuscodi Catalin Cimpanu on x
    NEW: Microsoft and other tech companies orchestrate takedown of TrickBot botnet -Participants obtained a court order to take over TrickBot command and control servers -TrickBot had more than 1 million infected hosts at the time of the takedown https://www.zdnet.com/... https://tw…
  • @campuscodi Catalin Cimpanu on x
    @Jan0fficial Yeah, I suspected this wasn't going to work. TrickBot and Emotet have complex C2 mechanisms. Some offshoot is very likely to survive https://twitter.com/...
  • @bradsmi Brad Smith on x
    Ransomware is a significant threat to the upcoming election. Great work to protect the integrity of our elections and our democracy by @TomBurt45 and our DCU team. https://www.nytimes.com/...
  • @martenmickos Mårten Mickos on x
    Great job by Microsoft to disrupt a botnet called Trickbot, one of the world's most infamous botnets and prolific distributors of ransomware https://blogs.microsoft.com/ ...
  • @gerryconway @gerryconway on x
    When we need to depend on Microsoft to save us from Russian election interference, you know we're severely f**ked. https://www.washingtonpost.com/ ...
  • @frankfigliuzzi1 Frank Figliuzzi on x
    The daily battle to secure our election: Microsoft wins court order to take down TrickBot, a botnet that threatens election integrity - The Washington Post https://www.washingtonpost.com/ ...
  • @stevekopack Steve Kopack on x
    Microsoft and a team of companies & law enforcement groups have taken out (at least temporarily) a botnet used to attack computing infrastructure of banks, towns, and hospitals. “Hundreds of thousands, if not millions of computers” were infected. https://www.nytimes.com/...
  • @abuse_ch Abuse.Ch on x
    While I do much appreciate @msftsecurity 's effort for a safer internet, I'm asking myself how successful this disruption attempt was. I do still see active TrickBot C2s and a large amount of the Tier-2 infrastructure I am aware of is still online 🧐 https://blogs.microsoft.com/ .…
  • @ericgeller Eric Geller on x
    Microsoft worked with Symantec, ESET, and other partners to disable Trickbot's infrastructure. More details here: https://symantec-enterprise-blogs.security.com/... https://www.eset.com/... https://blog.lumen.com/...
  • @ericgeller Eric Geller on x
    Ransomware affecting election systems is one of U.S. officials' biggest concerns right now. Microsoft execs told NYT that “they had carefully timed their operations to put Russian cybercriminals on their heels weeks before the election.” https://www.nytimes.com/...
  • @nakashimae Ellen Nakashima on x
    Microsoft used a court order to try to take down TrickBot, a botnet that it says could threaten election integrity. CyberCom moved against the same bot network. W/@greene https://www.washingtonpost.com/ ...
  • @campuscodi Catalin Cimpanu on x
    @Techmeme @briankrebs Yep. Called it earlier today. Definitely gonna fail: https://twitter.com/... TrickBot had a layered C&C communications channel. Tiered backups for backups. Now imagine that Emotet is even more complex than this. Not taking down Emotet anytime soon.
  • @nakashimae Ellen Nakashima on x
    Microsoft seeks to disrupt Russian criminal botnet it fears could try to sow confusion in the election, but outside researchers say as of Monday afternoon the botnet is still active and adding new victims. w/@greene https://www.washingtonpost.com/ ...
  • @briankrebs @briankrebs on x
    Added some much-needed perspective from Intel 471 on why any attempt to take down Trickbot is likely to fail. tl;dr: Their backup communication method relies on ToR and EmerDNS, which allows the use of domains that can't be taken down by any authority https://krebsonsecurity.com/…
  • @briankrebs @briankrebs on x
    Microsoft has executed a sneak attack against the Trickbot botnet, based on novel claims that the ransomware-spreading menace abused its trademarks. The action comes days after U.S. Cyber Command hit Trickbot. However, many Trickbot servers are still up. https://krebsonsecurity.c…