Security News > 2021 > March > Five Months After Takedown Attempt, CISA and FBI Warn of Ongoing TrickBot Attacks
Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn.
In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.
In October 2020, Microsoft announced the takedown of the infrastructure behind TrickBot, but the malware survived the attempt.
Now, CISA and the FBI reveal they have observed "Continued targeting through spearphishing campaigns using TrickBot malware in North America," thus confirming that TrickBot's operators were able to restore their malicious operation.
A modular piece of malware, TrickBot is capable of stealing information from the victims' browsers, spread laterally across the network, gather system information, manipulate system data, exfiltrate information, mine for crypto-currency, search for vulnerabilities in system firmware, and drop additional payloads onto the system, such as Emotet or the Ryuk and Conti ransomware.
In their joint advisory, CISA and FBI included a series of recommendations for network defenders looking to improve their security posture and stay better protected against TrickBot attacks.
News URL
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA, FBI Issue Guidance for Securing Communications Infrastructure (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign (source)