Microsoft disables most of cybercriminals' control over massive computer network

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration

By Joseph Menn

SAN FRANCISCO (Reuters) - Microsoft Corp <MSFT.O> said on Tuesday it had disabled more than 90% of the machines used by a gang of Russian-speaking cyber criminals to control a massive network of computers with a potential to disrupt the U.S. election.

Aided by a series of U.S. court orders and relationships with technology providers in other countries, Microsoft said its weeklong campaign against the gang running the Trickbot network was heading off a possible source of disruption to the Nov. 3 U.S. vote.

"We've taken down most of their infrastructure," corporate Vice President Tom Burt said in an interview. "Their ability to go and infect targets has been significantly reduced."

The criminals in charge of Trickbot have infected more than 1 million personal computers, including many inside local governments, according to cybersecurity professionals. They then make deals with other gangs to install ransomware and other malicious programs on the infected machines, security professionals say.

Although there is no evidence that the gang has worked with foreign governments, Burt said he wanted to disrupt Trickbot before the election in case Russian agencies attempted to use it to interfere with voting or cast doubt on the results by manipulating data.

Some security experts who had seen little impact from Microsoft's initial efforts to combat Trickbot said this week that new control servers being brought online by the gang were getting cut off, making it harder for the group to install new programs on infected computers.

"Disruption operations against Trickbot are currently global in nature and have had success against Trickbot infrastructure," said Intel 471 Chief Executive Mark Arena. "Regardless, there still is a small number of working controllers based in Brazil, Colombia, Indonesia and Kyrgyzstan that still are able to respond."

The Trickbot gang is now asking other malware groups to install its software, Arena and others said, and it is expected to rebuild its infrastructure in other ways.

Burt said such efforts to adapt would at least distract the gang from bringing chaos to voting or other local government activity if it had been so inclined.

(Reporting by Joseph Menn in San Francisco; Editing by Tom Brown)