December 7, 2021

Microsoft disables most of cybercriminals' control over massive computer network


SAN FRANCISCO (Reuters) – Microsoft Corp MSFT.O said on Tuesday that it had disabled more than 90% of the machines used by a Russian-speaking cybercriminal gang to control a huge network of computers that could disrupt the U.S. election.

Microsoft said its week-long campaign, aided by a series of orders from U.S. courts and relationships with tech vendors in other countries, targeted the gang that ran the Trickbot network, a possible source of disruption to the American vote on November 3.

“We destroyed most of their infrastructure,” company vice president Tom Burt said in an interview. “Their ability to go and infect targets has been drastically reduced.”

The criminals in charge of Trickbot have infected more than a million personal computers, many of them in local governments, according to cybersecurity professionals. They then make deals with other gangs to install ransomware and other malware on infected machines, according to security professionals.

While there is no evidence the gang worked with foreign governments, Burt said he wanted to disrupt Trickbot ahead of the election in case Russian agencies attempt to use it to interfere with the vote or cast doubt on the results by manipulating data.

Some security experts who had seen little impact from Microsoft’s initial efforts to tackle Trickbot said this week that new control servers brought online by the gang were down, making it more difficult for the group to install new programs on infected computers.

“Disruption operations against Trickbot are currently global in nature and have been successful against Trickbot’s infrastructure,” said Mark Arena, general manager of Intel 471. “Either way, there is still a small number of active controllers based in Brazil, Colombia, Indonesia and Kyrgyzstan that are still able to respond.”

The Trickbot gang is now asking other malware groups to install their software, Arena and others said, and they should rebuild their infrastructure in another way.

Burt said such adaptation efforts would at least steer the gang away from chaos during voting or other local government activities if they had been so inclined.

Reporting by Joseph Menn in San Francisco; Editing by Tom Brown

