Microsoft takes down hacking network with potential to disrupt election

Microsoft takes down hacking network with potential to disrupt election

A group of tech companies dismantled a powerful hacking tool used by Russian attackers just three weeks before the US presidential election. On Monday, Microsoft announced actions against Trickbot, a Russian botnet that’s infected more than a million computers since 2016 and that’s behind scores of ransomware attacks.

Cybersecurity experts have raised concerns about ransomware attacks casting doubt on election results. While a ransomware attack wouldn’t change votes and could only lock up machines, the chaos stirred by a cyberattack could create uncertainty about the outcome of the results.


Election officials in most states have offline backup measures in the event of a ransomware attack, but have a harder time tackling the disinformation that comes with getting hacked. Ransomware attacks are also a concern for counties because they don’t have many cybersecurity resources.

Ransomware attacks have steadily increased over the four years since Trickbot came online, and they’ve targeted municipal institutions like schools, courts and hospitals. Trickbot, the world’s largest botnet, is believed to be behind last month’s ransomware attack on Universal Health Services, which locked up computers in hundreds of hospitals in the US.

Trickbot hasn’t affected any election infrastructure yet, and US officials have noted that there haven’t been significant cyberattacks against the US election, but the takedown announced Monday closes off a powerful tool that Russian hackers could’ve used to interfere with the election.

“We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems,” Microsoft’s vice president of customer security and trust, Tom Burt, said in a statement.

The cybersecurity arm of the Department of Homeland Security expressed its gratitude for the work by Microsoft and its partners to disrupt the operation.

“The types of harmful activities enabled by TrickBot, including ransomware attacks, are clearly on the rise in the U.S. and I firmly believe that we’re on the verge of a global emergency,” Cybersecurity and Infrastructure Security Agency director Chris Krebs said in a statement. “And with the U.S. election already underway, we need to be especially vigilant in protecting these systems.”…Read more>>