Last fall, on the eve of the elections, the U.S. Department of Defense tried to throttle a transnational cybercrime group. But the hackers have rebuilt much of their operations. It’s become clear in recent months that the gang is very much alive and well.
The Russian-speaking hacking group, sometimes referred to by the name of the malware it uses, Trickbot, has gone after millions of victims around the globe, stealing victims’ banking credentials and facilitating ransomware attacks that have left businesses scrambling to pay hefty extortion demands for years.
And now, even though the Pentagon’s U.S. Cyber Command tried to put a dent in the gang’s operations last year, there are signs the hacking gang is working behind the scenes, quietly updating its malware to monitor victims and gather intelligence. That’s according to the latest intelligence from Romania-based cybersecurity firm Bitdefender, which shared its findings exclusively with The Daily Beast.
Cyber Command went after Trickbot in advance of Election Day last year to prevent any disruptions to the 2020 presidential elections.
But in recent weeks the hackers have been updating a specific part of their operations: the VNC module, a tool that lets them remotely control victims’ computers, Bitdefender found. And the hackers already appear to be leveraging their new tool to plot their next attack, says Bogdan Botezatu, Bitdefender’s director of threat research and reporting.
“We’re talking about a massive operation,” Botezatu said, noting that his team set up a system mimicking a victim, known as a honeypot, and that Trickbot has already gone after it. “The administrators were doing reconnaissance… They will decide later what they can capitalize on depending on how much information is on the device or whether it’s part of a business environment or not.”
The hackers also appear to be working on infrastructure that could allow them to sell access to other attackers, according to Vikram Thakur, a technical director at the security firm Symantec, which has previously run efforts to disrupt…