In October of 2020, the group behind the infamous botnet known as Trickbot had a bad few days. The group was under concerted pressure from US Cyber Command, which infiltrated the botnet and, allegedly, provided alternate configuration files to break the bot’s connections to the larger network. At the same time, Microsoft, along with other partners, secured court orders to take over and take down Trickbot command and control servers.
While this did appear to have a short-term effect in limiting the scope of the botnet operators, there have been reports on the limits of its effectiveness. In our collection there was certainly a drop in overall Trickbot activity, but since the October disruption we have seen it begin to rise again. This is a recent intrusion from late December.