Security researchers at Advanced Intelligence (AdvIntel) believe threat actors associated with TrickBot malware have partnered with the Conti ransomware gang, according to a recent report. TrickBot is a highly modular, multi-stage malware that has been active since 2016. TrickBot has survived a takedown attempt and helped relaunch the Emotet malware. Conti ransomware emerged in 2020 and since then has prospered by attaining crime syndicate status, according to AdvIntel, amidst a global crackdown on cybercrime. Conti’s success was likely due to its partnership with TrickBot, according to the researchers. “The Emotet-TrickBot-Ryuk supply chain was extremely resilient. And with a stable and high-quality supply of accesses coming from a single organized source, Conti was able to maintain its image without any major structural changes.” The availability of TrickBot IOCs has made the malware more easily detectable, so TrickBot members are now working with its stealthier replacement, BazarBackdoor. Access the full report at AdvIntel or read a relevant news article here.