Microsoft and the U.S. Cyber Command took down a large hacking operation that could have interfered in the election, though neither realized they were working in tandem.
“Today we took action to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware,” Microsoft Corporate Vice President Tom Burt said in a statement Monday.
“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” Burt continued.
Burt warned that Trickbot and other companies using ransomware could use the software “to infect a computer system used to maintain voter rolls or report on election-night results.”
Microsoft received a federal court order allowing it to disable IP addresses associated with Trickbot servers. Microsoft said, however, that they “fully anticipate” Trickbot to “revive their operations,” and that they plan on taking any steps necessary to stop the hacking.
However, seemingly unbeknown to Microsoft, the U.S. Cyber Command had already been hacking Trickbot’s command and control servers last month, The New York Times (NYT) reported.
Using a model created in 2018, Cyber Command commenced a series of preemptive strikes against the hackers, who it believes could have disrupted the election, per the same report.
Trickbot has been used to steal online banking credentials as well as to deliver malware that locks a victim’s computer until they pay a ransom. But the software would also be prime for targeting Election Day.
“Just imagine that four to five precincts were hit with ransomware on Election Day,” Burt said, per the NYT. “Talk about throwing kerosene on this unbelievable discussion of our elections and about whether the results are valid or not. It would be a huge story. It would churn on forever. And it would be a huge win for Russia. They would be toasting with vodka well into the next year.”
While Burt notes Russia could be behind the hacking, it remains unclear what connection, if any, Trickbot has with Russia, per the NYT.