A group of notorious cybercriminals whose operations were almost completely dismantled last year appears to be back in business—in yet another example of the seemingly unsolvable nature of cybercrime.
The Russian-speaking group known as “Trickbot” (which is also the name of the malware it creates and distributes) has already rebuilt its infrastructure and appears to be preparing a new campaign, The Daily Beast reported.
The group, which has been linked to widespread ransomware attacks and the theft of financial information, is an offshoot of an older Russia-based cybercrime group called “Dyre.” After Russian authorities broke up Dyre in 2015, the remaining members regrouped, built new malware tools and put them to work in a more expansive criminal enterprise. Trickbot, which currently operates across much of Eastern Europe (including Russia, Ukraine and Belarus), is perhaps best known for running one of the largest botnets in the world.
A botnet is a large network of “zombie” devices: computers infected with malware that lets the operators control them collectively, usually for malicious purposes. In Trickbot’s case, the group has used the millions of infected devices in its botnet for a range of criminal activity, including helping to launch ransomware attacks around the world.
Last fall, the Pentagon’s Cyber Command attempted to undermine Trickbot, fearing hackers linked to the group might try to interfere with the 2020 presidential election. CYBERCOM launched a series of “coordinated attacks” against Trickbot’s servers, which ultimately succeeded in disrupting its operations. However, it’s clear that federal officials don’t expect their efforts to be a long-term deterrent, with anonymous sources telling the Washington Post that the move “is not expected to permanently dismantle the network.”
Around the same time, Microsoft launched its own campaign against the botnet. The company tracks and analyzes the servers used to operate the botnet, then obtains court orders that allow it to have the IP addresses of those servers disabled. Microsoft’s operation reportedly even involved working with ISPs to go “door-to-door” in Latin America, helping to replace routers that had been compromised by criminal groups.
As is often the case with cybercrime, only some of the people behind the malware have been tracked down or face prosecution. Earlier this year, a 55-year-old Latvian woman known by the online pseudonym “Max” was arrested and charged in federal court for her role in facilitating Trickbot’s operations. She was just one member, however, and the others appear to be back to business as usual.
Indeed, a recent report from security firm Fortinet suggests that the group helped create a new strain of ransomware, dubbed “Diavol.” Another report, from Bitdefender, finds that the group has been rebuilding its infrastructure and has recently been observed preparing for new attacks and malicious activity, with the company concluding that “Trickbot is showing no signs of slowing down.”
The critical problem with cybercrime is the same as with any other type of crime: if you don’t catch the actual criminals, they’ll be back on the streets next week doing the same thing. And unlike other types of crime, the jurisdictional and anonymity problems of cybercrime make such arrests much harder to achieve.