![]() ![]() ![]() ![]() ![]() When security analysts monitor the connections infected computers make, the researchers see IP addresses belonging to compromised routers inside homes and businesses. Instead of infected computers connecting directly to the control servers, the computers connect to the compromised routers, which act as go-betweens. Trickbot operators, Microsoft said on Wednesday, are compromising MikroTik devices and using those devices to conceal the location of the command and control servers that exchange data and commands with infected computers. The malware often uses readily available software like Mimikatz or exploits like EternalBlue, which was stolen from the National Security Agency. It excels at gaining powerful administrator privileges, spreading rapidly from computer to computer in networks, and performing reconnaissance that identifies infected computers belonging to high-value targets. The malware driving Trickbot is notable for its advanced capabilities. Since then, Trickbot has mushroomed into one of the Internet's most aggressive threat platforms, thanks to its highly modular, multistage malware framework that provides a full suite of tools that are used to install ransomware and other forms of malware from other hacking groups. Trickbot came to light in 2016 as a trojan for stealing account passwords for use in bank fraud. Now, Microsoft has finally figured out why and how the routers are being put to use. For years, malicious hackers have been hacking large fleets of MikroTik routers and conscripting them into Trickbot, one of the Internet’s most destructive botnets. ![]()
0 Comments
Leave a Reply. |