After several months of downtime, the operators of the notorious TrickBot botnet have shut down its infrastructure. With that, one of the most dangerous and longest-running malicious operations has been discontinued.
As Vitaly Kremez, head of the information technology company AdvIntel, told The Record, the shutdown of the botnet was widely expected: security products have become very good at detecting TrickBot malware, and its operators have lost the ability to consistently infect Windows machines and sell access to them to their customers.
“After all, Trickbot is a relatively old malware that has not received major updates. The detection level is very high, and the network traffic of bots is easily recognized,” Intel471 specialists reported.
According to Kremez, another reason for shutting down the botnet is that its operators have moved under the wing of the Conti cyber extortion group.
By the end of 2021, Conti had moved away from the Emotet botnet, and now several key members of the TrickBot group have joined its ranks.
The new management appears to have decided to abandon the TrickBot codebase and infrastructure. According to Kremez, Conti is currently working with TrickBot developers to improve and deploy BazaarBackdoor, one of the TrickBot modules, which is intended to replace TrickBot itself.
In 2020, American law enforcement agencies, together with information security companies, disabled most of TrickBot’s C&C infrastructure. Although the group lost 94% of its servers, the botnet survived and returned with new servers in a few days, and after a few weeks, new attacks began.
In 2021, US authorities charged and detained two TrickBot programmers, but the group's leadership remained intact. The group continued to operate throughout 2021 before joining Conti and switching to a new codebase.
Before operations ceased in December of last year, TrickBot had infected more than 140,000 systems in a single year.
According to the information security company Hold Security, in 2021 the group spent more than $20 million on its infrastructure.