October 13, 2020
Microsoft targets malware vendor Trickbot amid US election fears
Microsoft said Monday it had taken down malware vendor Trickbot in an effort to thwart attempts to meddle with the upcoming US presidential election.
The tech giant's announcement came as The New York Times reported United States Cyber Command also targeted the group amid fears hackers could use malware to upend the November 3 vote, in which President Donald Trump seeks a second term against challenger Joe Biden.
"We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world," said Tom Burt, Microsoft's vice president for customer security and trust.
Burt said Trickbot distributed ransomware, a type of malware that would allow hackers to infect a computer and then take control of it at an opportune time.
"We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems," he said.
"Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust."
Trickbot has infected more than a million devices worldwide since late 2016 and could provide hackers access to machines including routers, Burt said, adding that "research suggests they serve both nation-states and criminal networks for a variety of objectives."
The group infected computers via malicious documents or links related to news topics such as COVID-19 or the Black Lives Matter movement, Burt said.
It was unclear who was behind Trickbot, but industry experts say those involved speak Russian. US intelligence agencies concluded Russia interfered in the 2016 election to aid Trump's successful bid for office.
© 2020 AFP