The TrickBot threat group’s operators have taken down their infrastructure, making it appear as if they are permanently offline and inactive across the cybercriminal world. According to researchers, the hackers could be changing, as they had observed no latest activity since the start of 2022.
The TrickBot is a pioneer threat group, and their infrastructure has had no major update for a substantial amount of time. Moreover, researchers said that the activities of the TrickBot malware have been decreasing since last year.
The researchers also explained that they had monitored the hacking community’s unprecedented disappearance of its new builds and developments. The most recent observation done by researchers for the threat group was its last activity from December 2021, called the “top166.”
Additionally, TrickBot’s configuration file had not received any changes from its developers. This configuration includes a list of controller addresses that the bot can connect to conduct specific attacks.
Reports suggest that TrickBot’s shutdown was because of its high-detection rate among the security solution sector worldwide. However, researchers are yet to believe that TrickBot is finally done.
The TrickBot threat group as a whole may be in a state of shutdown, but other activities around other groups may still be active.
Experts believe that TrickBot’s inactivity maybe because of the members actively helping other groups such as the Emotet malware.
Some intelligence researchers monitored a spike in cases of TrickBot distributing the Qbot malware on infected systems soon after the Emotet’s reemergence in November last year. This partnership between the two groups raises the possibility of migration to other platforms.
On the other hand, many cybersecurity experts believe that the threat actors behind TrickBot are constantly attempting to update their defences and shift strategies.
All the law enforcement’s works to fend off these threats have made most groups later modify their trick, techniques, and procedures. TrickBot may have adopted these current changes and decided to help other groups since they are now highly detectable.
Organisations should equip themselves with integrated threat intelligence solutions to be one step ahead against these threats.