Latest TrickBot news

Europol identifies 8 cybercriminals tied to malware loader botnets

Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation.
- Bill Toulas
- May 31, 2024
- 12:40 PM
- 2
Police seize over 100 malware loader servers, arrest four cybercriminals

An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.
- Bill Toulas
- May 30, 2024
- 04:35 AM
- 1
The Week in Ransomware - January 26th 2024 - Govts strike back

Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.
- Lawrence Abrams
- January 27, 2024
- 12:19 PM
- 0
Russian TrickBot malware dev sentenced to 64 months in prison

Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.
- Sergiu Gatlan
- January 25, 2024
- 01:52 PM
- 0
TrickBot malware dev pleads guilty, faces 35 years in prison

On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide.
- Sergiu Gatlan
- December 01, 2023
- 04:51 PM
- 0
The Week in Ransomware - September 8th 2023 - Conti Indictments

It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members.
- Lawrence Abrams
- September 08, 2023
- 05:45 PM
- 0
US and UK sanction 11 TrickBot and Conti cybercrime gang members

The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations.
- Lawrence Abrams
- September 07, 2023
- 10:27 AM
- 0
Ex-Conti members and FIN7 devs team up to push new Domino malware

Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks.
- Lawrence Abrams
- April 17, 2023
- 04:36 PM
- 0
The Week in Ransomware - February 10th 2023 - Clop's Back

From ongoing attacks targeting ESXi servers to sanctions on Conti/TrickBot members, it has been quite a busy week regarding ransomware.
- Lawrence Abrams
- February 10, 2023
- 06:24 PM
- 0
U.S. and U.K. sanction TrickBot and Conti ransomware operation members

The United States and the United Kingdom have sanctioned seven Russian individuals for their involvement in the TrickBot cybercrime group, whose malware was used to support attacks by the Conti and Ryuk ransomware operation.
- Lawrence Abrams
- February 09, 2023
- 10:21 AM
- 6
New Bumblebee malware replaces Conti's BazarLoader in cyberattacks

A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads.
- Ionut Ilascu
- April 28, 2022
- 07:45 AM
- 0
Google exposes tactics of a Conti ransomware access broker

Google's Threat Analysis Group has exposed the operations of a threat actor group dubbed "EXOTIC LILY," an initial access broker linked to the Conti and Diavol ransomware operations.
- Bill Toulas
- March 17, 2022
- 04:30 PM
- 0
Microsoft creates tool to scan MikroTik routers for TrickBot infections

The TrickBot trojan has just added one more trick up its sleeve, now using vulnerable IoT (internet of things) devices like modem routers as proxies for its C2 (command and control) server communication.
- Bill Toulas
- March 17, 2022
- 08:22 AM
- 0
Massive phishing campaign uses 500+ domains to steal credentials

Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.
- Ionut Ilascu
- March 15, 2022
- 12:10 PM
- 0
TrickBot malware operation shuts down, devs move to stealthier malware

The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.
- Lawrence Abrams
- February 25, 2022
- 06:51 PM
- 0
The Week in Ransomware - February 18th 2022 - Mergers & Acquisitions

The big news this week is that the Conti ransomware gang has recruited the core developers and managers of the TrickBot group, the developers of the notorious TrickBot malware.
- Lawrence Abrams
- February 18, 2022
- 06:17 PM
- 0
Conti ransomware gang takes over TrickBot malware operation

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.
- Ionut Ilascu
- February 18, 2022
- 10:11 AM
- 0
TrickBot now crashes researchers' browsers to block malware analysis

The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts.
- Bill Toulas
- January 25, 2022
- 03:06 PM
- 0
FBI links Diavol ransomware to the TrickBot cybercrime group

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan.
- Lawrence Abrams
- January 20, 2022
- 01:37 PM
- 0
TrickBot phishing checks screen resolution to evade researchers

The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection of security software and analysis by researchers.
- Ionut Ilascu
- November 26, 2021
- 01:02 PM
- 0