American tech giant Microsoft disclosed that it had managed to disrupt a massive hacking operation; one it claimed could have indirectly affected the country's election infrastructure. The company said on Monday that it had managed to take down several servers of a malware network called Trickbot.
Microsoft stated that Tickbot was being used by criminals as a tool to launch independent cyberattacks, including the spread of ransomware digital attacks. The company said that it had obtained federal court approval to disable and block certain IP addresses to shut down the hacking network's operations.
According to a report published by The Washington Post, Microsoft's actions coincided with an offensive launched by the U.S. Cyber Command to crack down on cybercrime activities. Microsoft stated that the hacking network will likely be able to adapt and resume operations eventually. However, it stated that its efforts should result in severe disruptions to its illicit activities.
Microsoft claims in a separate technical report published on Monday that Trickbot has been used to spread the Ryuk ransomware. Attacks have reportedly been occurring at a frequency of about 20 attacks on organizations and networks per week. This includes a recent attack on Universal Health Services, one of the country's largest hospital operators.
The massive malware network reportedly allows hackers to sell illegal services to other hackers, giving them the ability to inject malware and other hacking programs to vulnerable computers and networks. This includes the injection of ransomware, which is being considered by the U.S. government as serious threats to the country's national security, particularly if it is used to disrupt election-related digital infrastructures.
"Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust," Microsoft's vice-president of security, Tom Burt, said in a blog post.
Ransomware, which is commonly used by hackers to force companies to pay large sums of money in exchange for access to their own systems, has increased in occurrence since the start of the pandemic. Victims of attacks have been encouraged not to comply with any demands. The U.S. Treasury Department had even issued a warning that companies that pay ransoms could be charged with violating the country's sanctions policies.
