Security News > 2020 > October > TrickBot botnet targeted in takedown operations, no impact seen
The Trickbot operation started hitting serious snags towards the end of September when enslaved computers received an update that cut them off from the botnet by changing the command and control server address to 127.0.0.1.
On October 10, The Washington Post reported that the U.S. Cyber Command carried out a campaign seeking to disrupt the Trickbot botnet ahead of the presidential elections.
"While the botnet disruption did impact the normal flow of the TrickBot infections, it seems like the group was able to recover and adapt quickly resuming their regular activity," - Vitali Kremez.
Referring to the disruptions in September and early October, Lumen's Black Lotus Labs notes the same in their blog post today, saying that the disruption did not prevent new Trickbot infections "Because the botnet infrastructure remained intact."
By disrupting the TrickBot botnet, ransomware operations would also be impacted as they could no longer utilize the botnet to gain access to corporate networks.