Skip to Content

Microsoft takes down massive hacking operation that could have affected the election

Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue.

The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.

Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot’s servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.

Microsoft acknowledged that the attackers are likely to adapt and seek to revive their operations eventually. But, Microsoft said, the company’s efforts reflect a “new legal approach” that may help authorities fight the network going forward.

Trickbot allowed hackers to sell what Microsoft said was a service to other hackers — offering them the capability to inject vulnerable computers, routers and other devices with other malware.

That includes ransomware, which Microsoft and US officials have warned could pose a risk to websites that display election information or to third-party software vendors that provide services to election officials.

“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” Microsoft VP of security Tom Burt wrote in a blog post.

Ransomware seizes control of target computers and freezes them until victims pay up — though experts urge those affected by ransomware not to encourage hackers by complying with their demands. The Treasury Department has warned that paying ransoms could violate US sanctions policy.

He added: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”

A separate technical report by Microsoft on Monday said Trickbot has been used to spread the Ryuk ransomware. Security experts say Ryuk has been attacking 20 organizations per week, and was reportedly the ransomware that Universal Health Services, one of the nation’s largest hospital companies.

But Trickbot has also been used to spread false and malicious emails containing malware that tried to lure victims in with messaging surrounding Black Lives Matter and Covid-19, Microsoft said.

Microsoft said Trickbot has infected more than 1 million computing devices globally since 2016 and that its operators have acted on behalf of both governments and criminal organizations, but their exact identity remains ambiguous.

Taking down Trickbot follows a series of attacks that became highly publicized in recent weeks: One targeting Tyler Technologies, a software vendor used by numerous local governments, and Universal Health Services, one of the nation’s largest hospital companies. A statement on Tyler Technologies’ website has said the company does not directly make election software and the software it does produce that is used by election officials to display voting information is separate from its internal systems that were affected by the attack.

Ransomware could pose a risk to the election process if systems designed to support voting are brought down, according to Check Point threat analyst Lotem Finkelsteen, but so far experts regard it as “mainly a hypothetical threat right now.”





  1. Add to that and the massive mail in ballot fraud, I mean “oppsies,” with countless ballots being thrown in trash dumpsters, ditches, sent to the wrong people, sent to the dead, sent to illegal aliens, states extending election “day” out a week. Oh wait. CNN, AP, and the democrats have assured us there is “no evidence” of ballot fraud.

    1. What is “ballot fraud”? Do you meat voter fraud? Please, give us some sources on mail-in voter fraud. One of the last studies done show the percentage of fraud at .0006%.
      What do you have to say about Republican governors (like in Texas) limiting ballot drop boxes to ONE per county? For loving the Constitution, GOP folks like yourself take great pride in limiting Americans’ Constitutional right to vote!

    2. You’re the first one to say “fake news” but when you see a yokel on YouTube dumping grainy white paper into the trash that’s all the evidence you need to claim election fraud.

      You have all these crazy claims but not a single reputable individual that will put their name behind the mountains of evidence you claim to have.

      And the funniest part of your comment, my friend, is after producing literally zero evidence to support your nonsense, you just blame the scarecrow in the field that you’ve been told to blame for everything.

      Please, post any REPUTABLE (no blog posts or Infowars trash) source you can find so we can see how rampant this fraud is. Otherwise it’s pretty ironic your username has a nose joke in it, Pinocchio.

      1. Would that include news reports of “Indicted”, “Charged”, “Convicted”, or “Sentenced”? or are those unacceptable forms of proof? How about “under investigation”? Because, if any of those are acceptable forms of proof . . . you’re about to get swamped with “proof”!

    3. I find it interesting that the real threat the intelligence community has warned us about (electronic hacking of the voter roles and election results) and that we see here has nothing to do with Bunker Baby’s paranoid rants about mail-in ballots. In fact, since mail-in ballots are paper and not electronic, common sense would tell you that they are in fact more secure, and can be verified more easily.

Leave a Reply

Skip to content